03-27-2019 08:25 PM
Hello,
I'm setting up ISE authentication policy for VPN users.
My plan was to match tunnel group -and-> user exists in Active Directory -then-> use RSA server for AAA.
I have written a condition for the tunnel group match, but I'm confused and don't know how to write a condition for "user exists in Active Directory".
I have integrated my AD with ISE.
Please help me with this, guys. Thanks in advance.
03-28-2019 09:26 AM
In case ISE authenticates the user using its AD credentials, we may use the dictionary attribute Network Access·AuthenticationIdentityStore and set it to EQUALS the name of the AD join point.
Other possibilities are:
For the last two, we need to pick the groups and attributes in the AD join point, before they are available as drop-down selections in the right-hand-side of the attribute-value pair.