cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6762
Views
0
Helpful
2
Replies

ISE to assign group policies on ASA

Stephen Brady
Level 1
Level 1

Does anyone know if this is possible to use ISE to hand out group policies on the ASA based on AD group, or username?

1 Accepted Solution

Accepted Solutions

Jatin Katyal
Cisco Employee
Cisco Employee

Hi Stephen,

If I am not wrong you would like to push the group-policy name to configure group-lock feature. Yes, this can be done based on the AD (as a condition). Please look at the attached screen shot of how you can define the ASA group on ISE. The same group (case sensitive) should be predefined on the ASA to lock the user of the AD group to that specific group-policy only.

Once you're done with the authorization profile, create a authz rule under policy elements > authorization > create a condition with the AD group you want and select the autorization profile you created as a result in the previous step.

 

Regards,

Jatin Katyal

*Do rate helpful posts*

 

~Jatin

View solution in original post

2 Replies 2

Saurav Lodh
Level 7
Level 7

Jatin Katyal
Cisco Employee
Cisco Employee

Hi Stephen,

If I am not wrong you would like to push the group-policy name to configure group-lock feature. Yes, this can be done based on the AD (as a condition). Please look at the attached screen shot of how you can define the ASA group on ISE. The same group (case sensitive) should be predefined on the ASA to lock the user of the AD group to that specific group-policy only.

Once you're done with the authorization profile, create a authz rule under policy elements > authorization > create a condition with the AD group you want and select the autorization profile you created as a result in the previous step.

 

Regards,

Jatin Katyal

*Do rate helpful posts*

 

~Jatin