Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1067
Views
0
Helpful
1
Replies

Cut-Through Proxy / Authentication Proxy on Cisco ASA using ISE as AAA Server for allocating SGTs

Lovleen Arora
Level 1
Level 1

‎02-16-2014 07:45 PM - edited ‎03-10-2019 09:24 PM

Hi,

We are trying to setup ASA to do cut-through authentication proxy, and use ISE as RADIUS. We can successfully authenticate the user from Radius on the ASA, while he opens a web-page, but then it displays the error: authorization denied.

What we want:

ISE to allocate a security group tag to the user session when he logs in, that tag would carried within out cisco network infrastrucutre to define the access

policy for that user.

Can someone please help me with a sort of step by step thing for ISE configuration to allocate SGTs/SGACL for the user session after authentication is completed.

Thanks

Lovleen

Labels:
0 Helpful
1 Reply 1

Saurav Lodh
Level 7
Level 7

‎02-16-2014 10:58 PM

Please refer to below step by step config guide for security group access policies

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_sga_pol.html

0 Helpful
Customers Also Viewed These Support Documents