07-15-2019 07:01 AM
Hi Guys,
I wanted to confirm the purpose of "Authentication Policy" when RADIUS Proxy is enabled along with "On Access-Accept, continue to Authorization Policy". It is displayed and is configurable under Policy Set set for RADIUS Proxy with above option enabled.
I would expect authentication to be fully delegated to remote RADIUS server; then once RADIUS Access-Accept is received local authorization policy would be applied to add new attributes. Authentication Policy seems redundant here.
Can you please confirm if the Authentication Policy in such case is just a dummy or could actually be used for some advanced use-cases with double authentication/failover?
Cheers,
Chris
Solved! Go to Solution.
07-15-2019 07:50 AM
07-15-2019 07:50 AM
07-15-2019 09:16 AM
Hi Surendra,
Thanks for quick reply. In the RADIUS Proxy scenario the external RADIUS server (RADIUS Sequence) is configured on the Policy Set level in the "Allowed Protocols/Server Sequence" field. The Authentication Policy within the Policy set is not configured at all. The question is about the latter. I suspect the Authentication Policy is not evaluated by ISE in that scenario...
Cheers,
Chris
07-16-2019 12:52 AM
Thanks Surendra,
May we please sync-up offline regarding this question?
Cheers,
Chris
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide