cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

665
Views
10
Helpful
5
Replies
imihajlo
Cisco Employee

ISE-PIC integration options

Hello,

Could you please advise me today what we can integrate ISE-PIC with?

We can integrate ISE-PIC with FMC and Stealthwatch - is that integration using pxGrid only? Can we out of this integration use just user identities or this is just for SGT exchange? Can we via pxGrid integration obtain from ISE-PIC just IP address to usernames mappings?

How about integration with ASA? We used to have CDA which we were integrating with ASA for IDFW feature. Does that work today with ISE-PIC in place of CDA?

Do we have any guides please around ISE-PIC integrations?

Many Thanks

Ivana

2 ACCEPTED SOLUTIONS

Accepted Solutions
Timothy Abbott
Cisco Employee

Hi,

The only integration options for ISE-PIC are FMC and StealthWatch using pxGrid.  ISE-PIC sends user to IP mappings only since it does not support active authentication (802.1X, SGT assignment, etc.).  For IDFW, you will need to continue using CDA as ISE-PIC currently lacks the RADIUS interface ASA requires to learn identity.

Regards,

-Tim

View solution in original post

ISE-PIC still lacks the CDA RADIUS interface that the ASA needs to pull identity.

Regards,
-Tim

View solution in original post

5 REPLIES 5
Timothy Abbott
Cisco Employee

Hi,

The only integration options for ISE-PIC are FMC and StealthWatch using pxGrid.  ISE-PIC sends user to IP mappings only since it does not support active authentication (802.1X, SGT assignment, etc.).  For IDFW, you will need to continue using CDA as ISE-PIC currently lacks the RADIUS interface ASA requires to learn identity.

Regards,

-Tim

View solution in original post

Thanks Tim

Regards,

Ivana

Ivana Mihajlovic

Customer Success Manager

Cisco CCIE Security, ISC2 CISSP, ISC2 CCSP, AWS Certified Solution Architect - Associate, TOGAF 9, ITIL, Proact BOST Bronze, Master Project Management

Cisco Systems, Inc.

Pegasus Parc De kleetlaan 6a

DIEGEM 1831 Belgium

imihajlo@cisco.com

Hi,

 

i was wondering if the ISE-PIC  integration is still not supported on ASA until now !

i have a case where the customer asking me the same question, but i can not find an updated document about it.

 

thank you.

-Ashraf

ISE-PIC still lacks the CDA RADIUS interface that the ASA needs to pull identity.

Regards,
-Tim

View solution in original post

Dear Tim,

 

thank you for you help, appreciate your fast response.

 

thanks,

Ashraf

Content for Community-Ad