ā12-01-2012 01:14 PM - edited ā03-10-2019 07:50 PM
Hi Everyone ,
We are ordering new ISE virtual applicance for one of our customers , since this is the first time i will be implemetating this device , so i have few questions , i would be greatful if i can get the answers :-
Senarios, we will be puting ISE on a VM , we will have 2 VM machine for HA. Username database we will fetch from Active Directory and for Tokens we are ordering RSA .We will be using this for remote VPN and for AAA.
|--------RSA
ISE-------------|
|--------AD
now questions :-
1. we will map our ISE to AD for users , can i create some user locally on ISE in the same group apart from users which i have from AD ? means , i want some user from AD and i will create some locally and want it to be authenticated for remote vpn .
2. we will get the token from RSA server , so i want some users of AD to use RSA token and some users login with RSA token , is it possible ?
3. what is the benifit of Inline posture ISE ?
4. how ISE located the location , through GPS or anyotherthing ?
5. what are the challanges i might face while implementating this topoligy
Solved! Go to Solution.
ā12-03-2012 09:26 AM
Hi,
I didn't implement anything with RSA but as for local users and AD users, yes you can have both and you will need to configure an authentication store where it looks for AD first, if no match looks for local database.
Go to Administration - Identity Source Sequences then choose what stores to lookup, ie; AD1, Internal Users, then go to
Policy-Authentication now depends what your authentication rule is.. just click the right arrow on the right side and choose the store created previously in the Source Sequences.
Hope it helps.
ā12-03-2012 09:26 AM
Hi,
I didn't implement anything with RSA but as for local users and AD users, yes you can have both and you will need to configure an authentication store where it looks for AD first, if no match looks for local database.
Go to Administration - Identity Source Sequences then choose what stores to lookup, ie; AD1, Internal Users, then go to
Policy-Authentication now depends what your authentication rule is.. just click the right arrow on the right side and choose the store created previously in the Source Sequences.
Hope it helps.
ā12-04-2012 05:20 AM
thank you so much for the reply.
I have one more question , is (virtual not hardware module) ISE compatible with cisco ASA as i looked in the datasheet and found almost all routers, switches, wireless accesspoint but not ASA.
Can anyone please tell me , if i buy this (virtual not hardware ) ISE and map it with cisco ASA for Remote VPN , will their be any problem ? or it will just fine like Cisco ACS.
ā12-04-2012 11:21 AM
You're welcome, make sure to rate helpful posts so it helps others :]
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide