03-13-2023 08:37 AM
Hello,
where in the Cisco ASA can the authentication configured for the gateway login , where the provided Cisco AnyConnect version can be downloaded for the users?
How can this be realised via the Cisco ISE?
What would have to be returned as a result?
I am currently at a loss.
Therefore, thank you very much.
Marco
Solved! Go to Solution.
03-13-2023 08:49 AM
@Marco Serato If the user does not have the VPN client they can connect to the ASA web portal and download the image, then install.
To upgrade, if you upload the anyconnect image to the ASA the user will automatically upgrade after authenticating to the VPN.
You can deploy the anyconnect image via the ISE provisioning portal - https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010110.html
03-13-2023 08:49 AM
@Marco Serato If the user does not have the VPN client they can connect to the ASA web portal and download the image, then install.
To upgrade, if you upload the anyconnect image to the ASA the user will automatically upgrade after authenticating to the VPN.
You can deploy the anyconnect image via the ISE provisioning portal - https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010110.html
03-13-2023 08:57 AM - edited 03-13-2023 09:08 AM
That sounds great, but I think it needs some time to understand it right.
If Cisco ISE is requested, what is the best way to set the result?
Is a simple ACCEPT sufficient?
Or should there be more in there (security thought)?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide