I have a customer on ISE 2.3 code that needs to be running in FIPS-compliance (which I am interpreting as FIPS 140-2). I know we can turn on FIPS-compliant mode to enforce settings for FIPS compliance (cert size, ciphers, etc.), but is this code le...
All: I've got a customer that has a business requirement for FIDO2 (WebAuthn) authentication for their VPN clients. They plan on using YubiKey or similar token hardware for end users to authenticate. From what I've seen so far, this isn't supported i...
I have a customer currently using ASA VPN authentication -> ISE -> Microsoft AD. They have SAML on OpenAM and are requesting assistance from me in integrating ISE into the authentication with the end goal of SAML authentication of VPN users. Links a...
I'm trying to mull over what profiling options are available for VPN users. I have an environment using ASA VPN in conjunction with ISE IPN to allow full posturing for VPN clients prior to allowing network access. The use case here is we want to al...
Running into what appears to be an insurmountable obstacle in this environment. I have an ASA 5512-X in place as the edge firewall and want to use the IDS module. The inside is 2 "flat" networks - that is, their default gateway points to the ASA itse...
Thanks for the quick reply! Very helpful. After reading your reply I subsequently wondered if there'd be better luck for this if we used the thin client rather than the full AnyConnect client - perhaps that would add the client-side support needed f...
A further point that I should iterate - I had originally thought that the intention of SAML within this environment was for SSO for end users using SAML for authentication to other assets. That may still be the case, but they are indeed using the ba...
See inline answers: The questions I wasn’t able to answer are: • Can the ACS work in a heterogeneous environment (i.e. Cisco and Alcatel Switches)? Yes, as long as those devices support RADIUS and TACACS+ IETF standards. Some devices require the co...