MSJ1
Beginner

LogOn Event for VPN Users

Hello,

I knew that when a Cisco AnyConnect VPN user connects, no VPN logon event is created in AD for that user.

I normally use AD-based rules in firewall rules, but for VPN users I am not able to use any firewall rule using an AD group. This does not seem to work. I use the User Agent in FMC to get the IP-to-username mapping info.

My question is: if I use ISE instead of the "User Agent", will this behavior change for VPN users?

I am looking for experience from users who are aware of this problem and have resolved the issue.

Any reference documentation for this issue will be much appreciated.

2 REPLIES
Marcelo Morais
Advocate

Hi @MSJ1,

Please take a look at: AD Integration with Cisco ISE 2.x and ISE Configuration for VPN.

Hope this helps!!!

Hello @Marcelo Morais

I looked at this tube you shared (ISE Configuration for VPN); here RADIUS authentication is with ISE, but in my scenario it is not.

In my scenario, FMC is managing the firewall, where I am thinking of implementing ISE as a Passive Identity solution, when the ASA is doing RADIUS authentication with another RADIUS server, not the ISE.

Hence I was asking if I can use ISE/ISE-PIC for my issue below:

"I normally use AD-based rules in firewall rules, but for VPN users I am not able to use any firewall rule using an AD group. This does not seem to work. I use the User Agent in FMC to get the IP-to-username mapping info.

My question is: if I use ISE instead of the "User Agent", will this behavior change for VPN users?" Will I be able to use AD-based rules in FMC if I use ISE as a Passive Identity solution for the VPN subnet?
