02-13-2017 11:53 AM - edited 03-11-2019 12:27 AM
folks
i have an ISE 2.0 vm and i'm authenticating users on an ssl vpn with the ise radius service
users, on ise, are put into separate identity groups and i'm trying to allocate ip addresses on my ssl vpn server based on identity group but i don't
see ise passing the group attribute back to the vpn server
does anyone know how i can do this?
thanks to anyone taking the time to reply
Solved! Go to Solution.
02-14-2017 10:45 AM
Take a look at the link below. It is a detailed video for an older version of ISE but it should give you enough details to get things going and get you familiar with the solution:
http://www.labminutes.com/sec0111_ise_12_anyconnect_vpn_radius_authentication_authorization_1
Thank you for rating helpful posts!
02-13-2017 01:34 PM
Hi there. I have a couple of questions:
1. What is your VPN solution provider?
2. What attributes are you returning back from ISE with the authorization profile?
Thank you for rating helpful posts!
02-13-2017 02:39 PM
neon
many thanks for your response, its much appreciated
I'm new to ise so I'm not sure how all the components work together
I don't have any authorisation policy configured, I simply have the user accounts configured and added into groups
is this what I'm maybe missing?
thanks again
02-14-2017 10:45 AM
Take a look at the link below. It is a detailed video for an older version of ISE but it should give you enough details to get things going and get you familiar with the solution:
http://www.labminutes.com/sec0111_ise_12_anyconnect_vpn_radius_authentication_authorization_1
Thank you for rating helpful posts!
02-22-2017 07:01 AM
neno
many thanks for your help
I eventually spoke to tac and it turned out that the issue was with my authorisation policy
I was passing back the permit attribute rather than the group attribute
so again, thanks for your help and contribution, it was much appreciated
02-24-2017 11:14 AM
Good to hear! Glad I was able to help! :)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide