ā02-08-2016 10:27 PM
We have a customer evaluating ISE for his global Deployment. They are currently using Microsoft Direct Access as their VPN solution. Can we use ISE as a Policy engine for VPN Users while he continues to use Microsoft Direct Access as their VPN
ā02-09-2016 03:35 AM
if you're looking at pointing their VPN solution to use for RADIUS AAA then yes it should work via standard radius support, not really sure what you're gaining by doing this as to me it would seem that just using Microsoft DA against AD would be enough? Unless the solution requires RADIUS?
micrsoft direct access requires special servers that terminate ipsec tunnel and then forward access to their services
For ise posture services
ASA VPN supports radius coa and URL redirect to correctly work with ISE posture
otherwise for non cisco deployment you would use the following setup
ise requires special setup to work with IPN (inline posture node) where the radius server needs to talk to ISE
ā02-09-2016 06:48 AM
Keep in mind if you are on ISE 2.0 or plan to upgrade to 2.0, IPNs are no longer supported.
It is best to design ISE without IPNs at this point as ISE 2.0 and above will see an increase in 3rd party devices support.
ā02-09-2016 06:59 AM
Very good point
We will be making third party support better in future releases but not likely to help with Microsoft direct access, will direct to the team to make sure
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide