07-18-2014 01:43 PM - edited 03-10-2019 09:52 PM
I'm trying to move AAA services from an ACS 4.2 integrated with AD to an ISE3355 supporting remote access VPN on an ASA/AnyConnect and wireless (PEAP). The ISE3355 is AD integrated.
With respect to Remote Access VPN using AAA on the ACS, I currently map various AD groups to ACS groups, and use the RADIUS IETF Class [025] attribute for the ACS group that associates an ACL name hardcoded in the ASA configuration to enforce the access policy.
Is this a valid approach to porting policies from the ACS to the ISE?
Or alternatively, must I define the ACLs on the ISE instead of using those already defined in the ASA configuration?
I need to do a quick port, so any suggestions are appreciated.
09-16-2014 11:01 AM
Check the following link
http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117693-configure-ASA-00.html
09-16-2014 12:48 PM
Thanks for your response Vattullu. My local Cisco account security-focused SE pointed me to this YouTube video:
http://www.youtube.com/watch?v=HcMf3q_lmYo
This addressed the authorization issue exactly the way I needed it.