cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1095
Views
0
Helpful
2
Replies

Configuring JAMF + VPN + ISE

dgaikwad
Level 5
Level 5

Hi Experts,

I am trying to configure the following use-case and its flow is as follows:

1. If the user has laptop registered with JAMF, then posture check happens on JAMF and based on the response, the user is granted access to the internal network.
2. If the laptop is not registered with JAMF, then
3. User authenticates with ISE
4. ISE sends MDM page to allow the user to register his device
5. Post registration the use is granted access to the internal network

Now, what is the happening is that the redirect ACL and authorization policy is getting applied. But, still the user is not able to get to the JAMF registration.

Whereas I am able to access the same page, from outside when not connected to the internal company network via VPN.
The question that remains is that, has this been done earlier? Or am I missing something with the configuration?

2 Replies 2

howon
Cisco Employee
Cisco Employee

During the redirected state, the endpoint will try to download the JAMF client and register. You will need to allow the endpoint to download site and registration with the redirect ACL.

Was able to resolve the issue. Had to add the entire subnet in the redirect ACL on ASA for JAMF cloud.
Post that, when an user connects via VPN and is not already registered, get redirected to registration page.
Post registration get the access to the internal network.