08-17-2013 07:52 AM - edited 03-10-2019 08:47 PM
I'm looking at ISE licensing, and both Base and Advanced licenses have VPN listed. I could not find any document that provides guideline for VPN implementation using ISE Base license only.
1. Can I use ISE IPN (Inline Posture Node) functionality without posture assessment with ISE Base license only? (I know it has to be ISE hardware appliance, and I know that Posture assessment requires ISE Advanced license.)
2. Do I have to use IPN for VPN deployment using ISE as the Radius server?
3. If I do not have to use IPN for VPN, can I use ISE for Authentication and Authorization in the same way as I use ACS?
Thanks,
Val Rodionov
08-17-2013 07:30 PM
Hi,
When using vpn without posturing you do not need the IPN since you will authenticate users only. IPN is only for posturing vpn clients.
This will only require a base license since this is a feature on requires basic radius authentication.
Tarik Admani
*Please rate helpful posts*
08-18-2013 10:44 PM
Hi Tarik,
Thank you for answering my questions.
Now I understand that with ISE Base license VPN user authentication.
Can you clarify:
-Can IPN be used without posturing and apply "inline" policies based on user group?
-Does IPN installation require Advanced license?
Thanks,
Val
08-19-2013 08:47 AM
Val,
There is no need to consider IPN if you are not using posturing. You can use ISE much like ACS for radius authentication for vpn users.
If posturing is down the road and your hope is to have an architecture in place and license later, then I am sure that you can use the ipn with base licensing, however I would strongle recommend working with the PDI (for partners) for help and confirmation.
Thanks,
Tarik Admani
*Please rate helpful posts*
08-19-2013 10:01 AM
Hi Tarik,
I was contemplating installing IPN with ISE Base license. I had configured several IPNs in the past, but I did not know if the IPN could be used with base license. I'll veriy that with PDI or TAC.
Thank you for answering my questions!
Thanks,
Val
08-22-2013 02:34 AM
An Inline Posture node is a gatekeeper that enforces access policies and handles change of authorization (CoA) requests
The Base license is intended for organizations that want to authenticate and authorize users and devices on their network (wired, wireless, and VPN)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide