We have around 1500 vpn clients and would like to utilize the internal CA on ISE to issue/revoke certificates. Is this a supported deployment? We have different authentication methods for specific vpn users (AD/RSA) and utilize a certificate map to trigger the tunnel group and ISE authentication policies to match. We would like to be able utilize scep from the ASA to ISE to issue specific client certs. We have this working but don't want to deploy if using the internal ISE CA in this fashion is not advise/supported.
I tested this exact scenario a couple of years ago, from memory I did get this working, but did not go ahead with it in production. The ISE CA is featureless and the ISE Certificates are just intended for BYOD scenarios, so I personally wouldn't use it for what you want to use it for.
If possible I'd go for a Microsoft CA, use NDES role as the SCEP server and this will give you everything you want.
Juno is one of the best platforms for web services provider in the whole world. Juno is the internet service provider in the United States and renowned about its value-priced facility. Juno also offers its emailing feature that is one of the best mailing ...
This document is to provide any changes made to endpoint OS that impacts BYOD flow for end users.
Prior to troubleshooting endpoint issues, please follow these steps first:
Update OS finger printing DB on ISE: This is done by going to Adm...
"Cisco is aware of the recent Fxmsp hacking claims and confirmed we are not among the vendors named. At this time, we are not aware of additional information that links Cisco products to source code or assets involved in this issue, including Cisco AMP an...