cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

558
Views
0
Helpful
3
Replies
Riyasat Ali
Beginner

ISE - New Administrator .

Hi Everyone ,

We are ordering new ISE virtual applicance for one of our customers , since this is the first time i will be implemetating this device , so i have few questions , i would be greatful if i can get the answers :-

Senarios, we will be puting  ISE on a VM , we will have 2 VM machine for HA. Username database we will fetch from Active Directory and for Tokens we are ordering RSA .We will be using this for remote VPN and for AAA.

                  |--------RSA

ISE-------------|

                  |--------AD

now questions :-

1. we will map our ISE to AD for users , can i create some user locally on ISE in the same group apart from users which  i have from AD ? means , i want some user from AD and i will create some locally and want it to be authenticated for remote vpn .

2. we will get the token from RSA server , so i want some users of AD to use RSA token and some users login with RSA token , is it possible ?

3. what is the benifit of Inline posture ISE ?

4. how ISE located the location , through GPS or anyotherthing ?

5. what are the challanges i might face while implementating this topoligy

1 ACCEPTED SOLUTION

Accepted Solutions
edondurguti
Enthusiast

Hi,

I didn't implement anything with RSA but as for local users and AD users, yes you can have both and you will need to configure an authentication store where it looks for AD first, if no match looks for local database.

Go to Administration - Identity Source Sequences then choose what stores to lookup, ie; AD1, Internal Users, then go to

Policy-Authentication now depends what your authentication rule is.. just click the right arrow on the right side and choose the store created previously in the Source Sequences.

Hope it helps.

View solution in original post

3 REPLIES 3
edondurguti
Enthusiast

Hi,

I didn't implement anything with RSA but as for local users and AD users, yes you can have both and you will need to configure an authentication store where it looks for AD first, if no match looks for local database.

Go to Administration - Identity Source Sequences then choose what stores to lookup, ie; AD1, Internal Users, then go to

Policy-Authentication now depends what your authentication rule is.. just click the right arrow on the right side and choose the store created previously in the Source Sequences.

Hope it helps.

View solution in original post

thank you so much for the reply.

I have one more question , is (virtual not hardware module) ISE compatible with cisco ASA as i looked in the datasheet and found almost all routers, switches, wireless accesspoint but not ASA.

Can anyone please tell me , if i buy this (virtual not hardware ) ISE and map it with cisco ASA for Remote VPN , will their be any problem ? or it will just fine like Cisco ACS.

You're welcome, make sure to rate helpful posts so it helps others :]

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel