Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1782
Views
5
Helpful
3
Replies

VPN users in Cisco ISE

Asfandyar70754
Level 1
Level 1

‎06-18-2021 04:05 AM

Hey guys,

 

Good day.

I have some vendors and some 3rd party users in my network but they are not in my Active directory but some of those users access network using VPN, but after deploying ISE can I somehow bind the MAC addresses of vendor's laptop, as these users are not in my AD. Is there some feature in ISE that can address this issue.

 

TIA

0 Helpful
3 Replies 3

Rob Ingram
VIP
VIP

‎06-18-2021 04:17 AM

@Asfandyar70754 

No ISE won't learn those laptop MAC addresses.

 

What VPN are they using? If using ASA or FTD then you can create a custom tunnel-group for those users and then in ISE use the radius avp "Cisco-VPN3000:CVPN3000/ASA/PIX7x-Tunnel-Group-Name" EQUALS <NAME>. You can then filter traffic sourced from that tunnel-group and authenticate against the ISE local user store.

hslai
Cisco Employee
Cisco Employee
In response to Rob Ingram

‎07-04-2021 08:32 PM

If using Cisco AnyConnect with ASA, ISE can learn the MAC addresses from ASA.

0 Helpful

thomas
Cisco Employee
Cisco Employee

‎06-27-2021 03:45 PM

VPN uses Layer 3 (IP) and not Layer 2 (MAC).

I don't understand what you want to do with ISE with your vendors/third-party users.

0 Helpful
Customers Also Viewed These Support Documents