
Microsoft Direct Access VPN Interoperability

welchari
Cisco Employee

Dear TME,

I need to know about the compatibility of Microsoft Direct Access VPN with Cisco ISE & Cisco AnyConnect.

I could not find a lot of data about it. So:

1- Can ISE see the Microsoft Direct Access VPN server as a NAD & communicate with it via RADIUS & issue CoA?

2- Can AnyConnect coexist with the Microsoft Direct Access VPN agent to do the posture part only?

Kindly do share more details or links about this.

Thanks,

Wissam

Accepted Solutions

Jason Kunst
Cisco Employee

I am pretty sure that Microsoft Direct Access doesn't act like a traditional VPN service like AnyConnect, where you would bring up a tunnel and be required to do posture and then do a CoA after posture is complete. Regardless, only Cisco VPNs support CoA.

Therefore there is no integration or co-existence.

Microsoft DirectAccess: An Overview


Added our VPN SME as well to keep me honest

pcarco

pcarco

Hello Wissam & Jason,

Microsoft Direct Access is a machine tunnel and uses a certificate to achieve this tunnel - there is no user auth. The tunnel is established by the machine and not the user, which is completely different from AnyConnect.

CoA requires RADIUS for the AuthN or AuthZ, so an endpoint with Direct Access is not going to work with ISE the way AnyConnect / System Scan and ISE integrate for CoA.

No, it cannot co-exist the way you describe. If the user is remote, then AnyConnect must establish the tunnel to the ASA and auth to ISE.

Best regards,

Paul

welchari
Cisco Employee

Thanks a lot, guys, for the helpful answers.