Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
850
Views
0
Helpful
6
Replies

ISE licensing

Go to solution
JACQUES DU PLESSIS
Level 1
Level 1

‎10-06-2015 03:49 AM - edited ‎03-10-2019 11:07 PM

Hi Guys, I am confused regarding ISE licensing. We want most of the items, including wired, wireless, VPN, Guests, profiling, posture etc.

So a vendor quoted on base + endpoint apex licenses (and anyconnect) and they say that will cover us.

 

Is this correct since the licensing page suggests we need much more than that?

 

Thanks!

Jacques

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-06-2015 07:09 AM

While you can technically run an ISE deployment with only Base and Apex (and AnyConnect Apex if you aren't using native supplicants) licenses, you typically require Plus licenses also if you are planning to use any of the services it provides (including profiling).

You also need the line items for the server(s) themselves - whether appliance- or VM-based.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-06-2015 07:09 AM

While you can technically run an ISE deployment with only Base and Apex (and AnyConnect Apex if you aren't using native supplicants) licenses, you typically require Plus licenses also if you are planning to use any of the services it provides (including profiling).

You also need the line items for the server(s) themselves - whether appliance- or VM-based.

0 Helpful

Go to solution
Shaik Moinuddin
Level 1
Level 1
In response to Marvin Rhoads

‎10-10-2015 10:49 PM

Hi,

ISE posturing feature not supported in VM-based.

 

regards,

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Shaik Moinuddin

‎10-11-2015 07:14 AM

Shaik,

What is your source for that information? I have configured VM-based ISE deployments with posturing enabled and actively in use.

The Posture feature requires Apex licensing (or the old Advanced license for pre-1.3 deployments) but is not limited to physical vs. virtual machine-based nodes.

0 Helpful

Go to solution
Shaik Moinuddin
Level 1
Level 1
In response to Marvin Rhoads

‎10-11-2015 10:30 PM

hi Marvin,

i found it on Cisco..

 

ISE Features Not Supported in a Virtual Machine

The Inline Posture node is supported only on Cisco SNS-3415 and Cisco ISE 3300 series appliances. It is not supported on Cisco SNS-3495 series or VMware server systems. All the other designated roles are supported for use on VMware virtual machines.

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Shaik Moinuddin

‎10-12-2015 05:44 AM

Shaik,

Inline Posture Node or IPN is not the same as the posture feature.

IPN is used when we need to support posture services and the network access device (typically a legacy firewall) does not support CoA. Under the covers it is a legacy NAC appliance rebranded as an ISE node.

It was rarely deployed. Since ASA software 9.2(1) introduced CoA support, it is becoming even less common.

Posture is part of session services and is supported on VMs across all ISE versions as long as you have the necessary license.

0 Helpful

Go to solution
JACQUES DU PLESSIS
Level 1
Level 1

‎10-06-2015 09:38 AM

Yes they came back to me saying we need plus as well. Management would not have been very impressed having to go back to business asking for more money. And yes we are doing the VM

Thanks for the reply

Jacques

0 Helpful
Customers Also Viewed These Support Documents