We are currently using DUO as our MFA provider for our AnyConnect sessions, on an ASA5555-X. It is working fine, but we are switching providers to Okta. The trick is going to be testing and rollout. We have a LOT of employees, so we can't just hot c...
I am running ISE 2.3 as a TACACS+ server. I have it working well with my Cisco devices. It is integrated with AD as an external identity source. I am using a default authentication policy that checks against AD. I also have a couple different aut...
That's a great idea! I think I will definitely make that my plan A. I'll bring it up in our upcoming planning meetings, and see how that works. Thanks for the input!
Thanks for your feedback on the testing. Do you (or anyone else) have any suggestions for how to roll it out in phases? We want to avoid just changing the aaa-server at a specific date and time, forcing everyone to migrate at once.
Thank you for your reply Damien! What you're describing is exactly what I'm trying to do. However, I'm not sure exactly how to pass the "local-user-name" back to Juniper. Any help on how to do that?