07-11-2019 05:40 AM
Hey guys!
Wasn't sure if this belonged in the ISE or Firewall forums... anyway...
As the subject says, do DAPs even matter if ISE is the AAA server? I currently have a handful of DAPs and got to thinking - since ISE is in charge of authc/authz now, do I even need any DAPs? I'm only using them to push down ACLs and verify group membership via LDAP attribute maps. Wondering if I can just remove them all and edit the default policy to "continue" (as opposed to "terminate"). Am I missing something?
Thoughts?
Thanks!!
mitch
07-11-2019 06:03 AM
You aren't missing anything. I always have customers strip out all the DAPs when I implement ISE and we control everything from ISE. Using ISE allows for central control of policies instead of having to manage DAPs on the ASAs.
07-11-2019 06:08 AM
Perfect! Thank you Paul!