Hi Team,
I'm working on an ISE POC with a customer and we ran into an issue with ISE CWA on switches without SVI's in the Data/Access VLAN's. The customer is using an ASA as their default GW for all vlans so every vlan needs to go through policy for communication. I have put together the attached flow based on information I have read but would like to verify this is correct and I'm not missing anything. Due to the asymmetry of how URL Redirection works, I can see how this will cause a problem with Firewalls. I have also added some alternative designs in the image. Is there any Best Practice Designs with this type of scenario? Also, Is this flow accurate?
