Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


Configuring JAMF + VPN + ISE

Hi Experts,

I am trying to configure the following use-case and its flow is as follows:

1. If the user has laptop registered with JAMF, then posture check happens on JAMF and based on the response, the user is granted access to the internal network.
2. If the laptop is not registered with JAMF, then
3. User authenticates with ISE
4. ISE sends MDM page to allow the user to register his device
5. Post registration the use is granted access to the internal network

Now, what is the happening is that the redirect ACL and authorization policy is getting applied. But, still the user is not able to get to the JAMF registration.

Whereas I am able to access the same page, from outside when not connected to the internal company network via VPN.
The question that remains is that, has this been done earlier? Or am I missing something with the configuration?

Cisco Employee

During the redirected state, the endpoint will try to download the JAMF client and register. You will need to allow the endpoint to download site and registration with the redirect ACL.

Was able to resolve the issue. Had to add the entire subnet in the redirect ACL on ASA for JAMF cloud.
Post that, when an user connects via VPN and is not already registered, get redirected to registration page.
Post registration get the access to the internal network.

Recognize Your Peers
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube