you can also use radius, i believe in server 2008 its called Network policy server. You can have it answer back not only a yes or no, but the AD group
as well. Lets say you wanted policies for 3 groups
each of these would have a radius policy, and if someone was a member of marketing, NPS/IAS(if server 2003) would answer back with the group name, which would correspond with the group policy name in the 3005(they dont necessarily have to match, if you want marketing to be in a group on the 3005 called limited etc. I do remember this was a tad tricky to configure on the 3005, but I had it working a while ago just like this, and was able to use one ipsec group but different policies based on the radius response. I defined the policy groups(IP assignments, allowed subents etc) on the 3005.
Listen: https://smarturl.it/CCRS8E47 Follow us: twitter.com/ciscochampions
Ransomware, fileless malware, and zero-day attacks continue to target organizations around the world. In response, organizations have resorted to deploying a variety of d...
This is a general information page for Cisco Threat Centric (TC-NAC) with ISE
Threat Centric Network Access Control (TC-NAC) feature enables you to create authorization policies based on the threat and vulnerability attributes received from the th...
The 2021 IT Blog Awards, hosted by Cisco, is now open for submissions. Submit your blog, vlog or podcast today. For more information, including category details, the process, past winners and FAQs, check out: https://www.cisco.com/c/en/us/t...
Cisco Secure Endpoint (formerly AMP for Endpoints) will decommission legacy cloud servers, which results in Legacy Windows Connector Versions 3.x/4.x and Mac Connector Version 1.0.x ceasing to ...
IntroductionRequirementsWhat problem does CSDAC solve?CSDAC ComponentsConfiguration CSDAC Login Connector AdaptersCSDAC WorkflowFMC Policy Configuration with Dynamic ObjectsUse Case: Blocking IP address using dynamic object without a policy push