Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


ise with proxy

Hi all,

Does anyone implements Cisco ISE with the proxy like Bluecoat ?

After the users authentication and authorization are accepted, mean that they are ready to WWW. but they still need to authenticate with Bluecoat again to access the internet.

Any ideas for this style ?



Nicholas Copeland

It is going to depend on the supplicant you use and the device type. What kind of device are you trying to use and what is the supplicant? There are some issues with mobile devices and proxies specifically with bypass lists.

Sent from Cisco Technical Support iPad App


Does the blue coat support anything such as transparent proxy? Ironport does this in a way that when it is integrated with Active Directory it can find the user to ip mapping and set the condition on the fly without redirecting users for authentication.


Tarik Admani
*Please rate helpful posts*


You mean that if the bluecoat supports the transparent proxy and it able to integrate with LDAP or Active Directory. It will work for this scenario, right ?

Does Bluecoat and Cisco ISE need to join on the same Active Directory to perform this scenario ?

Thanks for your guy response.

Pongsatorn M.

Did you mean PAC file for proxy ?

Pongsatorn M.

PAC file is needed for iOS devices as there isn't an option for a bypass list. But on the Android devices you can't point to the PAC file but you can put in a bypass list.

Craig Le-Butt

Hi, did you ever get this to work?

We use BC in tranparent mode, so all AD traffic will authenticate no problem.  We are looking to authetnciate users created by ISE guest, I nkow can be done with Ironport, just wondered if you got round this?


Hi Craig,

i wonder how you control the users thru BC who authenticated by ISE, in our scenario the wireless users authenticated against ISE and we set "do not authenticate option" in BC for the same users but in this case we unable to apply BC policies/Rules, if we enable authentication in BC then users need to provide credential two times, isn't it?


- Moin -


Recognize Your Peers
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube