Solved: Cisco ISE SMTP Authentication.

dazza_johnson · ‎03-14-2017

Hopefully someone can give me good news. I'm configuring SMTP for email approval, and struggling to find where to configure SMTP authentication? I found an (old) v1.4 document that states "This server should have the ability to accept any emails from the ISE without authentication or encryption."

So basically, emails from ISE only works with no authentication - even in v2.2? If this is true, how can Cisco (and its products) claim to take security seriously when their own security products don't support email authentication and rely on open relays?

A feature request doesn't cut it, one was lodged for this feature 3 years ago and its still not here.

Any update from Cisco?

DJ

yshchory · ‎03-15-2017

Darren,

Thank you for the feedback. I am the Product Line Manager for ISE. I will ensure that we will look into this as soon as possible and see when is the earliest possible release we can insert this into, though I must comment that this specific feature was never raised as a make or break.

Will be more than happy to continue this discussion with you on the partners' community.

Yuval

View solution in original post

Jason Kunst · ‎03-15-2017

Sorry there has not and we can't comment on roadmap in a public forum

Please reach out to the ise product management team

dazza_johnson · ‎03-15-2017

No acknowledgement to have an obvious security feature not being supported in a security product. Its a difficult sell when my customer tells me the Aruba Clear Pass offering does support authentication *and* TLS for SMTP.....

Jason Kunst · ‎03-15-2017

this is not the forum to discuss, use the partner community please, we understand, please get your requirements to our PM team through the channel

Jason Kunst · ‎03-15-2017

I have passed it along as well

dazza_johnson · ‎03-15-2017

Hmmm, there has been an enhancement request in for 3 years...... Ok, ill try it

yshchory · ‎03-15-2017

Darren,

Thank you for the feedback. I am the Product Line Manager for ISE. I will ensure that we will look into this as soon as possible and see when is the earliest possible release we can insert this into, though I must comment that this specific feature was never raised as a make or break.

Will be more than happy to continue this discussion with you on the partners' community.

Yuval

csavas · ‎09-14-2017

Its hard to find an SMTP server without authentication these days. Do you have a list of SMTP server with no AUTH which we could use in PoC or LABN environments?

dazza_johnson · ‎09-14-2017

You can do it with Exchange, you just need to whitelist the ISE IP addresses as not requiring authentication. I didn't personally configure this, but thats what the Windows guys did for it to work for me.

csavas · ‎09-15-2017

Thats good to know but I don't have exchange in my lab. I though maybe of any public smtp gateways with no auth.

This means I need to setup an exchange server every time i run a PoC this is not a good solution

scamarda · ‎09-15-2017

I've used postfix on a Centos distribution. Not happy about the no authentication but have limited the hosts that can send mail to it via iptables and the authorized senders in the postfix configuration file.