Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1161
Views
0
Helpful
5
Replies

Cisco ISE and Proxy PAC

Go to solution
danielesquaranti
Level 1
Level 1

‎08-16-2022 08:38 AM

Hi,

I will want to understand if is possible to have a Policy that can assign a proxy pac to a client in Cisco ISE...

Someone would know how to answer?

 

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee
In response to danielesquaranti

‎08-18-2022 01:38 PM

No, wrong kind of redirection.  ISE redirects all http traffic to an ISE web portal for the purposes of Guest authentication or BYOD enrollment.

ISE does network access control enforcement with VLANs, ACLs, SGTs, timers, and anything that can be set via RADIUS attributes on the *network device* to control the user/endpoint session.  ISE does not assign/update/configure the endpoint OS or applications (browser) as part of the authorization.

ISE may assign them to a VLAN whose traffic is all routed through a proxy or web application server to the Internet. This would be very typical for Guest scenarios!  But ISE does not configure web proxy PACs on the endpoint/browser itself.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎08-16-2022 09:41 AM

Not sure, why not use WPAD if you looking to deploy Proxy PAC file.

https://www.cisco.com/c/en/us/td/docs/security/web_security/connector/connector3000/WPADAP.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee

‎08-16-2022 10:39 AM

I do not understand what you are trying to do. Please be very specific with your scenario.

RADIUS or TACACS?

What is the client that accepts PAC files from RADIUS or TACACS?

Do other AAA servers do this?

0 Helpful

Go to solution
danielesquaranti
Level 1
Level 1
In response to thomas

‎08-18-2022 12:24 AM

I have a cisco ise policy which, for a certain condition, places client pc's on a vlan.
I want the http / https traffic of this vlan to be redirected to the proxy server. I have already tried with WCCP but for various reasons it is not implementable in my infrastructure ..
So I was looking for some other way to do this.

I use RADIUS.

0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee
In response to danielesquaranti

‎08-18-2022 01:38 PM

No, wrong kind of redirection.  ISE redirects all http traffic to an ISE web portal for the purposes of Guest authentication or BYOD enrollment.

ISE does network access control enforcement with VLANs, ACLs, SGTs, timers, and anything that can be set via RADIUS attributes on the *network device* to control the user/endpoint session.  ISE does not assign/update/configure the endpoint OS or applications (browser) as part of the authorization.

ISE may assign them to a VLAN whose traffic is all routed through a proxy or web application server to the Internet. This would be very typical for Guest scenarios!  But ISE does not configure web proxy PACs on the endpoint/browser itself.

0 Helpful

Go to solution
cnmyuxiaosheng
Level 1
Level 1

‎08-18-2022 12:27 AM

于我悠悠竟何有,
效颦常锁远山愁。
圣朝亦知贱士丑,
是恩是怨无性相。
婊里不一东瀛狗,
子规啼月小楼西。
养来鹦鹉觜初红,
的皪江梅浅浅春。

0 Helpful
Customers Also Viewed These Support Documents