cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2113
Views
0
Helpful
7
Replies
Highlighted

ise with proxy

Hi all,

Does anyone implements Cisco ISE with the proxy like Bluecoat ?

After the users authentication and authorization are accepted, mean that they are ready to WWW. but they still need to authenticate with Bluecoat again to access the internet.

Any ideas for this style ?

Thanks,

Pongsatorn

Everyone's tags (3)
7 REPLIES 7
Highlighted
Enthusiast

Re: ise with proxy

It is going to depend on the supplicant you use and the device type. What kind of device are you trying to use and what is the supplicant? There are some issues with mobile devices and proxies specifically with bypass lists.

Sent from Cisco Technical Support iPad App

Highlighted
Advocate

ise with proxy

HI,

Does the blue coat support anything such as transparent proxy? Ironport does this in a way that when it is integrated with Active Directory it can find the user to ip mapping and set the condition on the fly without redirecting users for authentication.

https://kb.bluecoat.com/index?page=content&id=KB4799

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*

ise with proxy

Tarik,

You mean that if the bluecoat supports the transparent proxy and it able to integrate with LDAP or Active Directory. It will work for this scenario, right ?

Does Bluecoat and Cisco ISE need to join on the same Active Directory to perform this scenario ?

Thanks for your guy response.

Pongsatorn M.

Highlighted

ise with proxy

Did you mean PAC file for proxy ?

Pongsatorn M.

Highlighted
Enthusiast

ise with proxy

PAC file is needed for iOS devices as there isn't an option for a bypass list. But on the Android devices you can't point to the PAC file but you can put in a bypass list.

Highlighted
Beginner

Hi, did you ever get this to

Hi, did you ever get this to work?

We use BC in tranparent mode, so all AD traffic will authenticate no problem.  We are looking to authetnciate users created by ISE guest, I nkow can be done with Ironport, just wondered if you got round this?

cheers

Highlighted

Hi Craig,

Hi Craig,

i wonder how you control the users thru BC who authenticated by ISE, in our scenario the wireless users authenticated against ISE and we set "do not authenticate option" in BC for the same users but in this case we unable to apply BC policies/Rules, if we enable authentication in BC then users need to provide credential two times, isn't it?

regards,

- Moin -