
ISE - New Administrator

Riyasat Ali
Level 1

Hi everyone,

We are ordering a new ISE virtual appliance for one of our customers. Since this is the first time I will be implementing this device, I have a few questions and would be grateful if I can get the answers:

Scenario: we will be putting ISE on a VM, and we will have 2 VMs for HA. We will fetch the username database from Active Directory, and for tokens we are ordering RSA. We will be using this for remote VPN and for AAA.

                  |--------RSA

ISE-------------|

                  |--------AD

Now the questions:

1. We will map our ISE to AD for users. Can I create some users locally on ISE in the same group, apart from the users I have from AD? That is, I want some users from AD, and I will create some locally and want them to be authenticated for remote VPN.

2. We will get the tokens from the RSA server, so I want some users of AD to use RSA token and some users to log in with RSA token. Is it possible?

3. What is the benefit of Inline Posture ISE?

4. How does ISE locate the location, through GPS or anything else?

5. What are the challenges I might face while implementing this topology?

Accepted Solutions

edondurguti
Level 4

Hi,

I didn't implement anything with RSA, but as for local users and AD users, yes, you can have both, and you will need to configure an authentication store where it looks in AD first and, if there is no match, looks in the local database.

Go to Administration - Identity Source Sequences, then choose what stores to look up, i.e. AD1, Internal Users. Then go to Policy - Authentication; it now depends on what your authentication rule is. Just click the right arrow on the right side and choose the store created previously in the Source Sequences.

Hope it helps.
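
The lookup order described in the answer above (AD first, then the local database), as an added example that is not part of the original post and is not Cisco code. It is a simplified model that assumes the sequence stops at the first store containing the user; the store contents, the `proceed_on_error` flag and the result labels are constructed for illustration.

```python
# Simplified model of an identity source sequence lookup (illustrative only).
# Store names follow the post; users and passwords are constructed sample data.
import hmac
from dataclasses import dataclass, field


@dataclass
class Store:
    name: str
    users: dict = field(default_factory=dict)  # username -> password (sample)
    reachable: bool = True


def authenticate(sequence, username, password, proceed_on_error=False):
    """Walk the stores in order and return (result, deciding_store_name)."""
    for store in sequence:
        if not store.reachable:
            if proceed_on_error:
                continue  # treat as "user not found" and try the next store
            return ("ProcessError", store.name)
        if username in store.users:
            # The first store that knows the user decides the outcome.
            # Later stores are not consulted, even on a wrong password.
            ok = hmac.compare_digest(store.users[username], password)
            return ("Pass" if ok else "Fail", store.name)
    return ("UserNotFound", None)


ad1 = Store("AD1", {"alice": "ad-secret"})
internal = Store("Internal Users",
                 {"vendor1": "local-secret", "alice": "old-local"})
SEQUENCE = [ad1, internal]  # AD first, then the local database

if __name__ == "__main__":
    for user, pw in [("alice", "ad-secret"), ("vendor1", "local-secret"),
                     ("alice", "old-local"), ("nobody", "x")]:
        print(user, authenticate(SEQUENCE, user, pw))
```

In this model a local account that shares a username with an AD account is never reached while AD is listed first, so local-only accounts for VPN need names that do not exist in AD.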

Thank you so much for the reply.

I have one more question: is ISE (virtual, not hardware module) compatible with Cisco ASA? I looked in the datasheet and found almost all routers, switches and wireless access points, but not ASA.

Can anyone please tell me: if I buy this ISE (virtual, not hardware) and map it with Cisco ASA for remote VPN, will there be any problem? Or will it be just fine, like Cisco ACS?

You're welcome, make sure to rate helpful posts so it helps others :]