04-07-2020 11:09 PM
hi
I have currently deployed ISE2.6 (demo license). on ASA, anyconnect authentication points to ISE2.6. once user successfully authenticates, DACL is applied to user. at ISE end, its integrated with AD (for group information) and ASA is configured as radius device.
when i login via anyconnect, i am not seeing any license consumed, i am not sure whether any type of ISE license (base) is required for this setup. if yes then whether 1 base license is required for ASA or it depends on number of users using anyconnect at any given point of time?
04-08-2020 04:39 AM
ISE License consumption is based on services and sessions. A base license is consumed for every active session and utilizing posture service on top of it consumes apex license. That's the expectation.
04-08-2020 02:45 PM
Specifically ISE active endpoint counts are determined by RADIUS Accounting Start/Stop messages.
Ensure you have configured RADIUS Accounting on your ASA.
04-08-2020 06:26 PM
hi
I only need authentication and authorization (DACL). it means if i dont enable accounting, it will not consume any ise license?
Regards
Naray
04-08-2020 09:06 PM
Every active session (including authentication/authorization ) will consume a base license. Accounting in ISE will ensure session handling/management better.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide