08-16-2022 08:38 AM
Hi,
I will want to understand if is possible to have a Policy that can assign a proxy pac to a client in Cisco ISE...
Someone would know how to answer?
Thanks
Solved! Go to Solution.
08-18-2022 01:38 PM
No, wrong kind of redirection. ISE redirects all http traffic to an ISE web portal for the purposes of Guest authentication or BYOD enrollment.
ISE does network access control enforcement with VLANs, ACLs, SGTs, timers, and anything that can be set via RADIUS attributes on the *network device* to control the user/endpoint session. ISE does not assign/update/configure the endpoint OS or applications (browser) as part of the authorization.
ISE may assign them to a VLAN whose traffic is all routed through a proxy or web application server to the Internet. This would be very typical for Guest scenarios! But ISE does not configure web proxy PACs on the endpoint/browser itself.
08-16-2022 09:41 AM
Not sure, why not use WPAD if you looking to deploy Proxy PAC file.
https://www.cisco.com/c/en/us/td/docs/security/web_security/connector/connector3000/WPADAP.html
08-16-2022 10:39 AM
I do not understand what you are trying to do. Please be very specific with your scenario.
RADIUS or TACACS?
What is the client that accepts PAC files from RADIUS or TACACS?
Do other AAA servers do this?
08-18-2022 12:24 AM
I have a cisco ise policy which, for a certain condition, places client pc's on a vlan.
I want the http / https traffic of this vlan to be redirected to the proxy server. I have already tried with WCCP but for various reasons it is not implementable in my infrastructure ..
So I was looking for some other way to do this.
I use RADIUS.
08-18-2022 01:38 PM
No, wrong kind of redirection. ISE redirects all http traffic to an ISE web portal for the purposes of Guest authentication or BYOD enrollment.
ISE does network access control enforcement with VLANs, ACLs, SGTs, timers, and anything that can be set via RADIUS attributes on the *network device* to control the user/endpoint session. ISE does not assign/update/configure the endpoint OS or applications (browser) as part of the authorization.
ISE may assign them to a VLAN whose traffic is all routed through a proxy or web application server to the Internet. This would be very typical for Guest scenarios! But ISE does not configure web proxy PACs on the endpoint/browser itself.
08-18-2022 12:27 AM
于我悠悠竟何有,
效颦常锁远山愁。
圣朝亦知贱士丑,
是恩是怨无性相。
婊里不一东瀛狗,
子规啼月小楼西。
养来鹦鹉觜初红,
的皪江梅浅浅春。
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide