02-16-2019 01:02 AM
Hi guys,
I need advice. I'm in a project where I have to replace a Pulse Secure platform with two Firepower 2110s and an ISE controller. At first it didn't seem very difficult, but when I started looking closely at the Pulse Secure policy I noticed that they have about 80 roles mapped to Windows AD groups and that each user has a different combination of groups to make up his access policy. I know that ISE 2.3 (my version) doesn't support merging multiple DACLs based on matching different combinations of Windows groups, so my question is: is there any other way to attack this problem rather than making as many DACLs / results / rules as there are combinations of all the Windows groups used by the users? This solution, in addition to being a huge amount of work, will be a maintenance nightmare. Thanks for your help.
02-16-2019 01:48 PM
You are correct, the new policy set UI in ISE 2.3+ does not currently support multi-match for such use cases, and I am not aware of any workaround unless using ISE 2.2 or earlier.
Perhaps you may use Dynamic Access Policy (DAP) ACL Aggrega... - Cisco Community if using ASA code.
09-13-2022 11:12 AM
Hi,
Could you please tell me what steps we need to take to replace the Pulse Secure platform with the Firepower? Do you have any documents to read about this?