Solved: ASA - ISE GEO location integration for VPN users

Amit Dhanawade · ‎04-12-2018

I have a scenario wherein the customer wants to block traffic coming from international locations. Currently he is terminating any connect users ( VPN ) on ASA 5585 - SSP10

Three types of users typically connect to Vodafone network.

Partners
Vodafone Employees
Off-roll employees

Scenario expected

If and only if the Vodafone employee is connecting to the network from international location ( outside india ) they that connection should be allowed , All other connections from outside India should be blocked
If the user is within India then it should be allowed no matter

Is there a solution around this ?

Jason Kunst · ‎04-12-2018

Perhaps with an mdm provider providing the location context and mdm integration

Please keep in mind this is public forum would recommend removing customer name

View solution in original post

Jason Kunst · ‎04-12-2018

Perhaps with an mdm provider providing the location context and mdm integration

Please keep in mind this is public forum would recommend removing customer name

Timothy Abbott · ‎04-12-2018

To add to Jason's reponse, geo location functionality is something not native in ISE currently. I know that Meraki Systems Manager has the ability to flag a device compliant or not based on location so you could be a solution like that to meet the customer's needs.

Regards,

-Tim