We have a setup in the lab where we are using passive ID with ISE and as a result the username gets mapped to multiple IP addresses.
Please see the attached document for the topology.
Virtual ISE 2.3
AD – Server 2016
Workstation – Windows 10
Mail server using kerberos to AD for user.
ASAv basic config with SXP to ISE.
ISE connected to AD and using Passive ID without agent.
AD basic config with.
Mail server using Kerberos.
I did only a couple of tests before dismantling the lab but this was the scenario as I experienced it.
User1 logs in to PC, ISE gets info via Passive ID and maps ip 126.96.36.199 to User1 and sends it via SXP to ASA.
User1 logs in to Webmail, ISE gets info via Passive ID and maps ip 188.8.131.52 to User1 and sends it via SXP to ASA.
Is this a known phenomenon?
... View more
Hello All, Could you please advise me, with AC ISE web deployment – can we deploy on endpoints AC AMP Enabler module and AC Umbrella Roaming module? Or is this deployment option strictly available only for AC VPN core, AC Posture and Compliance module? https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect45/administration/guide/b_AnyConnect_Administrator_Guide_4-5/deploy-anyconnect.html Many Thanks Ivana Ivana Mihajlovic Customer Success Manager Cisco CCIE Security, ISC2 CISSP, ISC2 CCSP, AWS Certified Solution Architect - Associate, TOGAF 9, ITIL, Proact BOST Bronze, Master Project Management Cisco Systems, Inc. Pegasus Parc De kleetlaan 6a DIEGEM 1831 Belgium email@example.com
... View more