03-28-2014 12:12 PM - edited 03-10-2019 09:35 PM
Hello All,
I am trying to create different access policies for users in ISE based on which particular certificate a user may have. Corporate owned devices will have a certificate from a local CA while non-owned devices will have a certificate from a public CA. Is it possible to create a policy where a device with a local certificate will match policy A and a device with a public certificate will match policy B? If so, how do I create these policies? Thanks for any help!
03-29-2014 01:14 AM
Since you're using 2 different CAs, it would be easy to determine the differentiating factor. In the authz rule, when you add a condition ("select a new condition"), you will see attributes under certificate to select and create 2 rules.
You may also refer to the link listed below if needed.
"BYOD-How-To-Certificates for Differentiated Access"
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_60_byod_certificates.pdf
Regards,
Jatin katyal
*Do rate helpful posts*
03-31-2014 07:00 PM
Thanks Jatin,
We are running v1.1 and the options to match against a certificate issuer are not available, but it was pointed out to me that they are available in v1.2. We will upgrade and we should be able to create the authz policies that you mentioned.