If you need the certificate based authentication just for one provider/tunnel and you have a dedicated Border Router in DC, what are the arguments against using the hub router as root ca or the Master Controller as root ca?
The point is the customer wants to change the security to a IWAN PKI deployment but does want to add an additional dedicated router in dc.
Many Thanks for your answers and thought in advance
The goal of this guide is to illustrate the main concepts of TrustSec which are:
Classification: Classifying endpoints and servers with a Scalable Group Tag (SGT)
Propagation: Communicating SGT information through the network
Securing the network by ensuring the right users, the right access, to the right set of resources is the core function of Cisco’s Identity Services Engine (ISE). ISE builds context about users (Who), device type (What), access time (When), ...
Segmentation Strategy - An ISE Prescriptive Guide
IntroductionBaseline ISE Configuration for TrustSecActive Directory Integration (optional)Defining the Security Groups (SG) and...