Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
852
Views
0
Helpful
1
Replies

Remote VPN Access with machine authentication via ISE

Go to solution
imihajlo
Cisco Employee
Cisco Employee

‎08-02-2018 12:29 AM

Hello

 

Lets assume that remote access VPN solution supports to have only machine authentication on vpn connection establishment.

And machine authentication should be done via AD computer object attribute.

Can we have ISE between tunnel head-end and AD server in this scenario supporting this kind of authentication via Radius?

 

Many Thanks

Ivana 

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎08-05-2018 06:24 PM

If SSL RA VPN, then it's ASA terminate the SSL, but it's possible to perform authorization to ISE and verify the AD attributes. See Solved: Re: Machine Authentication Using ASA VP... - Cisco Community

If IKEv2 IPSec RA VPN, I've seen some setup terminating EAP-TLS at ISE using EAP but I am not certain whether a machine certificate can be used.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
hslai
Cisco Employee
Cisco Employee

‎08-05-2018 06:24 PM

If SSL RA VPN, then it's ASA terminate the SSL, but it's possible to perform authorization to ISE and verify the AD attributes. See Solved: Re: Machine Authentication Using ASA VP... - Cisco Community

If IKEv2 IPSec RA VPN, I've seen some setup terminating EAP-TLS at ISE using EAP but I am not certain whether a machine certificate can be used.

0 Helpful
Customers Also Viewed These Support Documents