BYOD and ASA

smailbouabdallah · ‎03-02-2012

HI,

Is there any document on BYOD solution? I would like to configure profiles limiting users with BYOD. I am looking for a configuration guide or samples.

Thanks,

Ven Taylor · ‎03-02-2012

Not with the ASA.

You're going to have to look into NAC or ISE.

There are also many non-Cisco products available for control and management of personal wireless devices.

Ven

Ven Taylor

smailbouabdallah · ‎03-02-2012

Hi,

Thanks for the quick response. Can we configure a group policy and a profile and filter from there ?

can we do it as just a vpn users group with more restrictions? we are a cisco shop and we try to use what we have now.

Marvin Rhoads · ‎03-02-2012

ISE is the full-featured solution for such protection moving forward. However, depending on how you use your ASA in your environment, you may be able to use CSD and DAP for this. Have a look at the nice video demonstrating the feature:

http://www.youtube.com/watch?v=z9ouB8oL6ys&list=WL44B25C44727D4C03&index=1&feature=plpp_video

Hope this helps.

Ven Taylor · ‎03-09-2012

Marvin:

Great video. I see where this could apply in a remote access vpn solution, but what about wireless. Can you think of any ways to integrate this solution into wireless access? I'm just thinking out loud, but maybe create a vendor ssid / controller interface that routes to the ASA for authentication and access into the network.

Does CSD support any other OS besides windows, mac, and linux?

Ven

Ven Taylor

Marvin Rhoads · ‎03-09-2012

Wireless and other scenarios are where the ISE solution comes to the fore. It does profiling and posture assessment etc.

CSD only supports Windows, OS X and Linux. Reference. What other OS did you have in mind?

Rocky Scotti · ‎03-10-2012

BYOD 2.0

Below is a link to the recently published Cisco BYOD 2.0 White Paper:

http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byodwp.html

Also, be on the lookout for the official BYOD 2.0 launch coming in March!

BYOD 1.0

BYOD design guide v1.0 published last year (does not include ISE) has some pertinent info around certificate authentication and remote access VPN.

BYOD Design Guide 1.0:

http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/Unified_Access_Book.html

Sent from Cisco Technical Support iPad App

stephendrkw · ‎03-22-2012

There seems to little information around for BYOD from Cisco from what I can see so far.

I'm thinking about using ISE for management and some WLC's on the Internet DMZ with NAC boxes. Using NAC for user pages/dhcp scope like a Guest NAC Server.

Can the ISE do what the Clean Access Lite Manager can do? Manage remote NAC's, control user pages, dhcp scope, mac filtering, ip filtering etc?

My proposal for BYOD internet

SSID for BYOD

MAC filtering (done on ISE if possible)

Internal WLC's with a mobility anchor to Internet DMZ WLC

DMZ NAC (guest type server?)

ISE to manage DMZ NAC like Clean Lite access mrg if possible

to allow limited connectivity like good.com

I need to get Cisco in the office, but any recommendations would be helpful.