
Restricting simultaneous logins in distributed ASA environment

gjw_csco
Cisco Employee

Does ISE have the ability to restrict a user login to one device across a distributed ASA environment? The user can log in to ASA-1 with a laptop, but they cannot then log in to ASA-2 with their iPad. I know we can support this on the ASA and it looks like it's supported in ACS. Customer is asking as it's something they need to comply with as part of their FedRAMP requirements.

1 Accepted Solution


hslai
Cisco Employee

If referring to maximum concurrent sessions, an ACS parity feature, please see Configure Maximum Concurrent User Sessions on ISE 2.2 - Cisco

Thank you, hslai. Can you confirm that this will work if a customer is using ISE to authenticate users for both Clientless and AnyConnect? Example: if User-A connects to the clientless portal, they should be unable to log in with AnyConnect.

I believe it would work if using two different client devices and each at a different location. If either the same client or presenting the same calling station ID, then they are likely treated as the same session.