Porting ACS 4.2 rules to ISE

kbyrd
Level 2

I'm trying to move AAA services from an ACS 4.2 integrated with AD to an ISE3355 supporting remote access VPN on an ASA/AnyConnect and wireless (PEAP). The ISE3355 is AD integrated.

With respect to Remote Access VPN using AAA on the ACS, I currently map various AD groups to ACS groups, and use the RADIUS IETF Class [025] attribute for the ACS group that associates an ACL name hardcoded in the ASA configuration to enforce the access policy.

Is this a valid approach to porting policies from the ACS to the ISE?

Or alternatively, must I define the ACLs on the ISE instead of using those already defined in the ASA configuration?

I need to do a quick port, so any suggestions are appreciated.

2 Replies

Venkatesh Attuluri
Cisco Employee

Check the following link

http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117693-configure-ASA-00.html

Thanks for your response Vattullu. My local Cisco account security-focused SE pointed me to this YouTube video:

http://www.youtube.com/watch?v=HcMf3q_lmYo

This addressed the authorization issue exactly the way I needed it.