ise 2.6 license required for anyconnect/asa radius authentication with ISE

nareh84 · ‎04-07-2020

hi

I have currently deployed ISE2.6 (demo license). on ASA, anyconnect authentication points to ISE2.6. once user successfully authenticates, DACL is applied to user. at ISE end, its integrated with AD (for group information) and ASA is configured as radius device.

when i login via anyconnect, i am not seeing any license consumed, i am not sure whether any type of ISE license (base) is required for this setup. if yes then whether 1 base license is required for ASA or it depends on number of users using anyconnect at any given point of time?

pavagupt · ‎04-08-2020

ISE License consumption is based on services and sessions. A base license is consumed for every active session and utilizing posture service on top of it consumes apex license. That's the expectation.

thomas · ‎04-08-2020

Specifically ISE active endpoint counts are determined by RADIUS Accounting Start/Stop messages.

Ensure you have configured RADIUS Accounting on your ASA.

nareh84 · ‎04-08-2020

hi

I only need authentication and authorization (DACL). it means if i dont enable accounting, it will not consume any ise license?

Regards

Naray

pavagupt · ‎04-08-2020

Every active session (including authentication/authorization ) will consume a base license. Accounting in ISE will ensure session handling/management better.