11-21-2017 01:09 PM - edited 02-21-2020 10:39 AM
Hi community,
First of all, thanks to all for read this kind of newbie question.
I have one ISE 2.3 in my lab, and i'm making the configurations in a enviroment that doesnt have impact to production, before installing definitivly.
I've read the documentation (https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_01110.html#reference_8DC463597A644A5C9CF5D582B77BB24F)
I'm having a problem, making the policy sets, where i cant find the groups of AD, already configured in external identities sources previously, to adding as a condition for autentication.
I cant use them sucessfully, and make conditions in Policy Elements to make new Conditions nor in the Policy Sets:
I've Already joined to AD succesfully, the diagnostic tools shows all test passed, but cant find the condition to making the new Policy.
My infrastructure has the follow:
1- AD/DC, already joined to ISE.
2- vWLC 8.2.15 Version
3- Cisco ISE 2.3 3515 Hardware.
I'm Missing something ? (sure, but what could be ?)
Regards
Solved! Go to Solution.
11-23-2017 01:33 PM
11-23-2017 01:33 PM
11-24-2017 10:42 AM
Hello,
Thanks davidgranathkarlsson, you point me into the right direction, my error was triying to put the AD groups as a first condition in Policy Set (Access), but works great pointing them into Auth/AuthZ.
I hope, my newbie question could help to another newbies, since the policy set change dramatically since the new release of ISE.
Regards.
11-24-2017 01:56 PM
Good to hear it worked out well for you.
Yeah, it's not unlikely many people will run into similar issues when moving to 2.3 considering GUI-changes, enforcement of policy set usage and aswell the "bug" explained at the top of known issues in 2.3, which has been causing some confusion (https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/release_notes/ise23_rn.html#pgfId-807015).
"Conditions Studio Editor After Upgrade to ISE 2.3
When you create conditions using the Conditions Studio editor after upgrade, you can click the Attribute Value drop-down list or click the icon next to the Attribute Value text box to choose the required attribute. If the Attribute Value drop-down list is not displayed, you must use the mouse or trackpad, scroll up to the top of the page, and click the Attribute Value text box."
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide