02-26-2014 08:23 AM - edited 03-10-2019 09:27 PM
Hi,
I'm trying to migrate VPNs from ACS to ISE but I cannot quite get used to ISE.
Below is a picture of my authentication rule I'd like to replicate on ISE, but so far I have had no joy. Any points would be greatly received.
If the network source IP is trusted, Rule 1 is hit and the ISS just uses AD.
If the network source IP is untrusted, Rule 2 is hit and the ISS just uses OTP, then AD.
I'm not 100% on the authorisation aspect either.
I think I want something along the lines of Ad:Group/x/x/x/x and TunnelGroup xxx = Permit/Apply ACL else Deny
I can pass authentication from the ASA to ISE. One thing I have noticed in the AAA report: in the AV pairs, the tunnel group name is not listed.
Many thanks in advance
S
02-26-2014 10:29 AM
Please find the link below; it may help you.
http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_guest_pol.html#wp1554378
02-27-2014 12:11 AM
Hi Basant,
I don't think that's quite what I'm looking for. I need to work out how to add new rules for IPsec VPN tunnels and SSL VPN.
02-27-2014 06:49 AM
Hi
FYI
Cisco Secure ACS and Cisco ISE exist on different hardware platforms and have different operating systems, databases, and information models. Therefore, you cannot perform a standard upgrade from Cisco Secure ACS to Cisco ISE. Instead, the Cisco Secure ACS to Cisco ISE Migration Tool reads data from Cisco Secure ACS and creates corresponding data in Cisco ISE.
For migrating the policies and all other information, please visit the following link, particularly chapters 3, 4, and 5: