Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4435
Views
0
Helpful
1
Replies

Certificate Authentication with ISE

marioderosa2008
Level 1
Level 1

‎05-08-2012 07:31 AM - edited ‎03-10-2019 07:04 PM

                   Hi all,

I am looking to understand the different ways that people have used Certificates so that we can distinguish between Corporate owned Windows machines and IPAds and then the BYOD IPADs and machines that are attempting to connect to your network.

Essentially, I am not entirely sure on the kind of templates that we should be using for these certs? Would they be machine certs or user certs?

Also, I am not sure as to whether any attribute checking is required by ISE. I have been playing with Machine Cert authentication for our VPN users on an ASA. The ASA needs to match attributes so that it can identify what kind of policies and authentication methods to apply to the device.

I guess what I am really trying to ask is what do I need to bare in mind when deplying Certs for machine authentication for Wireless, Wired AND VPN access? are there any user guides or documents out there that are worth the read?

Hopefully that all makes sense.

Mario

Labels:
0 Helpful
1 Reply 1

Eduardo Aliaga
Level 4
Level 4

‎05-12-2012 07:26 PM

You could use EAP-TLS with machine certificates.

Here's a great link showing IP Phones authentication using EAP-TLS

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/config_guide_c17-605524.html

In figure 3.2.5.2 you can see ACS uses "identitiy = CN username"

In figure 3.2.5.3 you can see ACS uses certificate dictionaries.

Please rate if it helps

0 Helpful
Customers Also Viewed These Support Documents