Using ISE to assign ACL's for VPN users

Jason Regan
Level 1

Hi,

I've just implemented ISE into our environment using various documents and videos found online but have not been able to find anything about using ISE to authenticate remote users via VPN and assigning them the ACLs created for their level of network access.

Does anyone know of a good document or training video knocking about that I can use?

Thanks

Jason

1 Reply

Tarik Admani
VIP Alumni

Jason,

If the ACL is present on the ASA you can use the "filter-id" RADIUS attribute to reference the ACL to the user's session. You can make this work by configuring an authorization profile and tying this in with your authorization policy for VPN users.

If you want to push an ACL then my recommendation is to use the cisco-av-pairs to push the ACLs since the username is associated with the ACL that is applied to the username of the VPN session.

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ref_extserver.html#wp1763743

Thanks,

Tarik Admani
*Please rate helpful posts*
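
A pre-deployment check for the two approaches in the reply above, added here as an example and not part of the original post: it confirms that each Filter-Id value names an ACL that exists on the ASA, and validates and orders ACEs pushed as cisco-av-pair values. The ACL names, profile names and addresses are constructed samples, and the `ip:inacl#<n>=` form of the pushed entries is assumed from Cisco's ASA documentation.

```python
import re

# Constructed sample: ACLs as they would appear in an ASA running config.
ASA_CONFIG = """\
access-list VPN-STAFF extended permit ip any host 10.10.5.10
access-list VPN-STAFF extended deny ip any any
access-list VPN-CONTRACTOR extended permit tcp any host 10.10.5.20 eq 443
"""

# Constructed sample: attributes returned by hypothetical ISE authorization profiles.
PROFILES = {
    "Staff-VPN": [("Filter-Id", "VPN-STAFF")],
    "Contractor-VPN": [("Filter-Id", "VPN-CONTRACTORS")],  # typo, not on the ASA
    "Admin-VPN": [  # pushed ACEs, deliberately listed out of order
        ("cisco-av-pair", "ip:inacl#2=deny ip any any"),
        ("cisco-av-pair", "ip:inacl#1=permit tcp any host 10.10.5.20 eq 22"),
    ],
}

INACL = re.compile(r"^ip:inacl#(\d+)=((?:permit|deny)\s+\S.*)$")

def asa_acl_names(config):
    """Return the set of ACL names defined in the ASA config text."""
    return set(re.findall(r"^access-list (\S+) ", config, re.M))

def check_profile(attrs, local_acls):
    """Return (effective ACL, problems) for one profile's attribute list."""
    problems, aces, named = [], {}, None
    for name, value in attrs:
        if name == "Filter-Id":
            named = value
            if value not in local_acls:
                problems.append(f"Filter-Id '{value}' is not defined on the ASA")
        elif name == "cisco-av-pair" and value.startswith("ip:inacl#"):
            m = INACL.match(value)
            if not m:
                problems.append(f"malformed ACE: {value}")
            elif int(m.group(1)) in aces:
                problems.append(f"duplicate ACE number {m.group(1)}")
            else:
                aces[int(m.group(1))] = m.group(2)
    pushed = [aces[n] for n in sorted(aces)]  # ACEs in sequence-number order
    return (pushed or named), problems

if __name__ == "__main__":
    acls = asa_acl_names(ASA_CONFIG)
    for profile, attrs in PROFILES.items():
        print(profile, check_profile(attrs, acls))
```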