cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

934
Views
0
Helpful
3
Replies
Highlighted

Remote Access VPN posturing with Cisco ISE 1.1.1

Hi all,

we would like to start using our ISE for Remote VPN access.

We have run a proof of concept with the ISE & IPEP with a Cisco ASA5505. We got the authentication working however posturing of the client did not work.

That was a few months ago and so I was wondering whether any design document is available specifically around Using the Cisco ISE for Authenticating & Posturing Remote Access VPN clients.

I understand that version 9 of the ASA code is supposed to eliminate the need for Inline Posture, does anyone know whether this will also allow posturing too?

We do intend to by Cisco ASR's aswell, but I am sceptical of this as i do not know how many VPN licenses you get out of the box. The ASA's we have allow up to 5000 IPSec VPNs without having to purchase any licensing. What I do not want to do is to switch to SSL VPNs as this again will increase cost.

I know ISR's are support NADs but what about ASRs? There is no mention.

Any advise will be appreciated!

Mario

Everyone's tags (5)
3 REPLIES 3

Remote Access VPN posturing with Cisco ISE 1.1.1

If anyone has setup the ISE to authenticate and posture Remote Access VPN clients I would be very interested in knowing how you achieved this.

The statement below is actually incorrect... "We got the authentication working however posturing of the client did not work."

It was actually the other way around. Posturing worked fine but there was a limitation with the Inline Posture Node handling Certificate Authentication.

Does anyone know if Certificate Authentication with Inline Posture and ASA is working fine now?

Mario

Remote Access VPN posturing with Cisco ISE 1.1.1

OK, I have come accross the Cisco Validated design for BYOD and in there it has a section about Authenticating VPNs.

thats great... however it does not mention using the Inline posture node. Does anyone know if there is a limitation using Inline Posture and SSL VPNs...?

essentially my requirements are

2-factor authentication VPN using a Certificate & RSA Token

Posturing of the VPN endpoint.

Ideally i would like to use IPSec VPNs as i have licenses already for these on my ASAs. But if it will only work with SSL & AnyConnect, then so be it.

Can anyone help?

Mario

Remote Access VPN posturing with Cisco ISE 1.1.1

I have moved the discussion to the VPN forum incase this query is too VPN specific.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here