05-24-2016 07:46 AM - edited 03-10-2019 11:48 PM
Hi,
I need to achieve different levels of remote VPN user access for the network.
I have a Cisco ASA 5520 (SSL VPN) that supports IOS version 9.1.x at most. It does not support 9.2.x, so it does not support CoA (posturing & remediation).
http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/compatibility/ise_sdt.html
! — Limited support, some functionalities are not supported for posturing.
Can I still use dACL for the remote VPN user?
Note: I have Cisco ISE 1.4. I do not want to use IPN and do not want to replace the ASA firewall at the moment.
Regards,
Anser
05-24-2016 07:49 AM
If you just want to push a dACL to the user when they log in using AnyConnect, that shouldn't be a problem.
05-24-2016 02:24 PM
05-25-2016 01:45 AM
Hi,
I need to do a downloadable ACL for remote VPN users. I cannot move to ISE 2.0 due to a hardware limitation.
Can you share a config example from the ASA 5520 (9.1.x) side to ISE?
Regards,
05-25-2016 01:53 AM
Hi all,
I have a similar case here. If you can, please share a sample configuration on the ASA 5520 (9.1 OS)
that allows me to push a DACL to the remote VPN user.
Thanks
05-25-2016 01:54 AM
There is nothing special in this scenario. The ASA uses the ISE as RADIUS authentication-server. On the ISE you define an Authorization-profile for the VPN-user that includes a dACL. That's all.
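A minimal sketch of the ASA side of the setup this answer describes, added here as an example; it is not from the original posters or from Cisco's documentation. The names ISE, RA-VPN and VPN-POOL, the interface `inside`, all addresses and the shared secret are assumed placeholders, and AnyConnect/WebVPN is assumed to be already enabled on the ASA. The dACL is delivered in the RADIUS Access-Accept at login, so it does not depend on CoA.

```text
! Constructed example: every name, address and key below is a placeholder.
!
! 1. Define ISE as a RADIUS server group reachable via the inside interface
aaa-server ISE protocol radius
aaa-server ISE (inside) host 192.0.2.10
 key <radius-shared-secret>
!
! 2. Address pool handed to AnyConnect clients
ip local pool VPN-POOL 198.51.100.10-198.51.100.50 mask 255.255.255.0
!
! 3. Remote-access tunnel group that authenticates against ISE
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 address-pool VPN-POOL
 authentication-server-group ISE
!
! No local access-list is configured for the per-user restriction:
! the ASA downloads it from ISE when the Access-Accept references a dACL.
!
! ISE side (done in the ISE GUI, summarised here as comments):
!  - add the ASA as a network device with the same RADIUS shared secret
!  - create a Downloadable ACL in ASA extended-ACL syntax, for example
!      permit tcp any host 10.10.10.20 eq 443
!      deny ip any any
!  - reference that dACL in an Authorization Profile
!  - match the VPN users (e.g. by AD group) to that profile in the
!    Authorization Policy; one profile per access level
!
! 4. Verify after a test login
!   show vpn-sessiondb detail anyconnect   (Filter Name shows #ACSACL#-IP-...)
!   show access-list                       (the downloaded ACL and its hit counts)
```

End each dACL with an explicit `deny ip any any` so the intended scope is visible when reviewing hit counts, and test each access level with a dedicated account before assigning it to real users.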