01-15-2015 04:04 AM
I am currently migrating from CAS solution to ISE for posture assessment. Currently I am using LDAP for Authorization. When testing against ISE, I am unable to authorize users without changing the the Authorization setting to ISE on my ASA. Problem is we use LDAP to make sure the user is in the right group for access. We aren't using ISE in an Active Directory setting. Is there a way I can trigger ISE to do the Posture Assesment without having to change my current Authorization scheme to ISE?
01-15-2015 05:57 AM
You might be able to get it working using the AD server as the first authentication and ISE for the second one - sort of a 2-factor authentication model. As I understand it, you're really making a decision to authenticate with AD, not an authorization decision per se.
Why not integrate ISE with AD and use it for both group validation and posture assessment? That's a common deployment scenario.
01-15-2015 06:22 AM
I agree about integrating, but that is not an option at the moment for some reason. To clarify, not an option by management
01-15-2015 07:08 AM
Layer 8 issues are often the most problematic ones.
01-15-2015 06:36 AM
Actually we Authenticate using a Cert...we authorize using LDAP based on user credentials present on the Cert
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide