cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
881
Views
0
Helpful
3
Replies

ACS to ISE config issues

Si
Level 1
Level 1

Hi,
Im trying to migrate VPNS from ACS to ISE but i cannot quite get used to the ISE.

Below is a picture of my Authentication rule id like replicating on ISE but so far i have had no joy. Any points would be greatly received.

If the network source IP is trusted Rule 1 is hit and ISS is just use AD

If the network source IP is untrusted Rule 2 is hit and ISS is just use OTP Then AD

Im not 100% on the authorisation aspect either.

I think im want something along the lines of Ad:Group/x/x/x/x and TunnelGroup xxx = Permit/Apply ACL else Deny

I can pass authentiation from the ASA to ISE, one thing i have noticed in the aaa report, in the AV pairs the tunnel group name is not listed.

Many thanks in advance

S

VPN.jpg

3 Replies 3

blenka
Level 3
Level 3

Hi Basant,

I dont think thats quite what im looking for. I need to work out how to add new rules for IPsec VPN tunnels and SSL VPN

Muhammad Munir
Level 5
Level 5

Hi

FYI

Cisco Secure ACS and Cisco ISE exist on different hardware platforms and have  different operating systems, databases, and information models. Therefore, you  cannot perform a standard upgrade from Cisco Secure ACS to Cisco ISE. Instead,  the Cisco Secure ACS to Cisco ISE Migration Tool reads data from Cisco Secure  ACS and creates corresponding data in Cisco ISE.

For migrating the policies, and all other information, please visit the following link particularly the chapter 3,4,5:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/migration_guide/ise_migration_guide/ise_mig_preface.html