
ISE Compliance Check

ahmanwar
Cisco Employee

Hi Team,

 

This is regarding an ongoing POC requirement by a customer.

 

Key deliverables required by the customer are as below:

 

Task 1: Integrate ISE with our Dynamic IPSec VPN of Huawei Firewall Eudemon8000E-X8.

 

  • 1.1 Multiple ACL per VPN user
  • 1.2 Downloadable access list of VPN user and edit it one time for the same ACLs that same the function
  • 1.3 VPN User Change Password (UCP)
  • 1.4 Certificate management
  • 1.5 Possibility of ISE integration with Huawei Eudemon8000E-X8
  • 1.6 Possibility to see the destination IP in accounting report of VPN user
  • 1.7 Audit report and how to reconcile the policy setting (ACL,...etc) in ISE

         

 

Task 2: Integrate ISE with our Ruckus Controller ZD1200

 

  • 2.1 Provide Landing page after guests connect to our Wifi 
  • 2.2 Guest validation over phone number by SMS
  • 2.3 Enterprise authentication by using AD over ISE
  • 2.4 WLC controller GDR (Not related)

       

As starters we want to validate if above integration can even be supported or not. If yes, then suggested course of action for testing these.

Your expert support would be much appreciated.

4 Replies

hslai
Cisco Employee

On task 1, this particular VPN concentrator is not vetted by our team. Please see AAA Attributes for Third-Party VPN Concentrators for the general info.


On task 2, this wireless network device is in Supported Third Party Wireless LAN Controllers and see Ruckus-1200-NAD-Config

Hi Lai, Good Day!

Could you advise on the official response we should give to the partner/customer with regards to Task 1 and its associated requirements, 1.1 to 1.7?

With regards to Task 2, could you advise on a config guide/reference to support tasks 2.1 to 2.4?

If 1.1 means merging ACLs, then no, ISE does not support it.

On 1.7, ISE has auth detail reports to show the authorization profile details.

On task 2, please use this guide -- Ruckus-1200-NAD-Config

On 2.1 ~ 2.3, since it supports CoA, I believe it would be regular CWA and use ISE guest portal and policies.

On 2.4, I have no idea what GDR is and what is really being asked here.

Hi Team,

 

The partner has proceeded with the integrations, but is failing on the points highlighted below.

 

  1. ISE for Dynamic IPSec VPN 
  • Testing apply multiple ACL per user – not succeed
    user unable to connect anyconnect VPN when we define specific user DACL ( ISE—ASA---user anyconnect)
  • Testing apply UCP for vendor/partner - pending
  • Testing Reconcile Access List – Pending
    Customer wants to automatically remove DACL, etc. when they remove a rule in policy
  • Testing Automation Certificate management – Pending
    User certificate for authentication when connecting ( ISE- ASA—anyconnect)

 

  2. Integrate ISE with our Ruckus Controller ZD1200 
  • Provide Landing page after guests connect to our Wifi  -- pending
  • Guest validation over phone number by SMS  -- pending
  • Enterprise authentication by using AD over ISE – pending

Could you advise on the above-mentioned issues?