cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1079
Views
0
Helpful
5
Replies

ASA5520 version 9.1.x and ISE 1.4 Limitations - dACL

Hi,

I need to achieve different level of remote vpn user access for the network. 

I do have Cisco ASA 5520 (SSL VPN) that max support IOS version 9.1.x. It does not support 9.2.x so It does not support CoA (posturing & remediation).

http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/compatibility/ise_sdt.html

— Limited support, some functionalities are not supported for posturing.

Can I still use dACL for the remote vpn user? 

Note: I have Cisco ISE 1.4. I do not want to use IPN and do not want to replace ASA firewall at the moment.

Regards,

Anser

1 Accepted Solution

Accepted Solutions

There is nothing special in this scenario. The ASA uses the ISE as RADIUS authentication-server. On the ISE you define an Authorization-profile for the VPN-user that includes a dACL. That's all.

View solution in original post

5 Replies 5

jan.nielsen
Level 7
Level 7

I you just want to push a dACL to the user when they login using AnyConnect, that shouldnt be a problem.

I'm running this combination (well, recently upgraded to ISE 2.0). Works like a charm.

Hi,

I need to do downloadable ACL for remote VPN users. I can not move to ISE 2.0 due to hardware limitation.

Can you share the config example from ASA 5520 (9.1.x) side to ISE?

Regards,

Hi All ,

i have similar case here , if you can share a sample configuration on the ASA 5520 ( 9.1 os)

that allow me to push a DACL to the remote vpn user ,

Thanks

There is nothing special in this scenario. The ASA uses the ISE as RADIUS authentication-server. On the ISE you define an Authorization-profile for the VPN-user that includes a dACL. That's all.