Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
457
Views
0
Helpful
1
Replies

Radius Interface for Identity sharing from ISE

Go to solution
jitesar
Cisco Employee
Cisco Employee

‎04-18-2019 05:44 AM - edited ‎04-18-2019 08:20 AM

When using ASA as identity FW and CDA doesn’t work or is not good enough we are aiming at ISE as the identity source.

 

We have 2 options how to get indentity over Windows WMI: Passive Identity Services (it is practically ISE embedded CDA) or Easy Connect. Both:  „Passive Identity Services“ or „Easy Connect“ can share identity only via PxGrid currently.

So until we will have RADIUS interface for identity sharing in ISE and/or we will have PxGrid interface in ASA we can’t share identity directly from ISE to ASA.

 

ISE does not currently have the CDA RADIUS interface the ASA needs to get identity information & ASA doesn't speak in PxGrid.

 

CDA itself can have problem with installation on newer versions of AD, so ISE should be our identity (or context) information source. But we can't share it from ISE to ASA :-(

 

Sharing this topic as limitation, when using ASA identity FW with ISE with current versions of ISE/ISE-PIC.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎04-22-2019 09:16 PM

This is product related question and has been addressed in an internal forum. Closing the question here.

 

-Krishnan

View solution in original post

0 Helpful
1 Reply 1

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎04-22-2019 09:16 PM

This is product related question and has been addressed in an internal forum. Closing the question here.

 

-Krishnan

0 Helpful
Customers Also Viewed These Support Documents