10-24-2013 11:17 AM - edited 03-10-2019 09:01 PM
Can Cisco ISE be integrated with a third-party firewall (such as Checkpoint), to provide authentication/authorization services to remote VPN user devices (based on device MAC address)?
The remote user would establish a VPN connection to a third-party firewall, based on a username/password authentication, but the user would only be allowed to send/receive traffic to the internal network if the MAC address of the device being used was authorized by Cisco ISE.
Thank you in advance.
10-24-2013 07:18 PM
Rui,
I do not think the VPN client sends the IP address in a Called-Station-Id; that might be the public IP address that the client is initiating the request from. If you have an existing RADIUS server or can run a packet capture, you should be able to verify that.
If the client does send the MAC address in the RADIUS packet, then you can create a custom condition that can be used to check the MAC address along with the username to allow it access to the session. However, in VPN deployments there is no concept of profiling, since 802.1X deployments usually include the client's MAC address.
Thanks,
Tarik Admani
*Please rate helpful posts*
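The reply above recommends confirming what the VPN gateway actually places in the RADIUS request before building a condition on it. The following is an added example, not code from this thread, from Cisco ISE or from any vendor: it parses a constructed RADIUS Access-Request, reports whether Calling-Station-Id carries a device MAC address or something else (such as the client's public IP address), and evaluates a username-plus-MAC allow-list that fails closed when no MAC is present. The attribute numbers are the RFC 2865 values for User-Name (1), Called-Station-Id (30) and Calling-Station-Id (31); the usernames, MAC addresses, hostnames and packet bytes are constructed for the demonstration.

```python
"""Inspect a RADIUS Access-Request for the identity attributes a policy could
key on, then evaluate a 'username AND device MAC' condition on them."""
import re
import struct

# RFC 2865 attribute types and packet code used below
ATTR_USER_NAME = 1
ATTR_CALLED_STATION_ID = 30
ATTR_CALLING_STATION_ID = 31
CODE_ACCESS_REQUEST = 1

# MAC formats commonly sent by network devices:
# 00:11:22:33:44:55, 00-11-22-33-44-55, 0011.2233.4455, 001122334455
MAC_RE = re.compile(
    r"^(?:[0-9a-f]{2}[:\-]){5}[0-9a-f]{2}$"
    r"|^(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}$"
    r"|^[0-9a-f]{12}$"
)


def parse_radius(packet: bytes) -> dict:
    """Parse the 20-byte header and the attribute TLVs that follow.
    Malformed lengths raise instead of being read past the buffer."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    # Octets beyond Length are padding per RFC 2865; a Length larger than the
    # datagram is an error.
    if length < 20 or length > len(packet):
        raise ValueError("length field inconsistent with packet")
    attrs: dict = {}
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return {"code": code, "id": ident, "attrs": attrs}


def build_access_request(attrs: list, ident: int = 1) -> bytes:
    """Encode a minimal Access-Request (zero Request Authenticator; this is
    only for producing sample bytes, not for sending to a server)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", CODE_ACCESS_REQUEST, ident, 20 + len(body))
    return header + bytes(16) + body


def normalize_mac(text: str):
    """Return 12 lowercase hex digits if text is a MAC in a known format,
    else None. An IP address such as 203.0.113.45 does not match."""
    t = text.strip().lower()
    if not MAC_RE.match(t):
        return None
    return re.sub(r"[:.\-]", "", t)


def extract_identity(packet: bytes) -> dict:
    """Pull out the attributes a 'who is this, from what device' check needs."""
    parsed = parse_radius(packet)

    def first(atype):
        vals = parsed["attrs"].get(atype)
        return vals[0].decode("utf-8", "replace") if vals else None

    calling = first(ATTR_CALLING_STATION_ID)
    return {
        "username": first(ATTR_USER_NAME),
        "called_station_id": first(ATTR_CALLED_STATION_ID),
        "calling_station_id": calling,
        "mac": normalize_mac(calling) if calling else None,
    }


def authorize(packet: bytes, allowed: set) -> tuple:
    """Emulate a username + MAC condition. Fails closed when the gateway did
    not supply a MAC, which is the case to check for before relying on it."""
    ident = extract_identity(packet)
    if ident["username"] is None:
        return ("reject", "no User-Name attribute")
    if ident["mac"] is None:
        return ("reject", "Calling-Station-Id %r is not a MAC address"
                % ident["calling_station_id"])
    if (ident["username"], ident["mac"]) in allowed:
        return ("accept", "username and MAC match an authorized device")
    return ("reject", "device not authorized for this user")


# Constructed sample requests (not real captures)
REQ_WITH_MAC = build_access_request([
    (ATTR_USER_NAME, b"rui"),
    (ATTR_CALLED_STATION_ID, b"vpn-gw.example.test"),
    (ATTR_CALLING_STATION_ID, b"00-11-22-33-44-55"),
])
REQ_WITH_IP = build_access_request([
    (ATTR_USER_NAME, b"rui"),
    (ATTR_CALLED_STATION_ID, b"vpn-gw.example.test"),
    (ATTR_CALLING_STATION_ID, b"203.0.113.45"),
])
ALLOWED = {("rui", "001122334455")}  # constructed allow-list

if __name__ == "__main__":
    for name, req in (("mac", REQ_WITH_MAC), ("ip", REQ_WITH_IP)):
        print(name, extract_identity(req), authorize(req, ALLOWED))
```

Run it against bytes saved from a packet capture of a real gateway to see which of the two cases applies. The policy fails closed on purpose: if the gateway only supplies an IP address, a MAC condition would silently match nothing, and it is better to see that reject reason than to assume the device check is working. A MAC supplied by the VPN client is also a client-reported value rather than a hardware-rooted identity, so such a condition is a hygiene control, not device attestation.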
10-31-2013 03:38 PM
Kindly find the link; the information may help you.
http://pmbuwiki.cisco.com/Products/ISE/Technical/Third_Party_Information#Summary
03-16-2016 02:49 PM
According to this documentation (http://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/at-a-glance-c45-736265.pdf), Cisco ISE integrates with Check Point through the Identity Awareness Blade.