Layer 8 issues are often the

Daniel Jones · ‎01-15-2015

I am currently migrating from CAS solution to ISE for posture assessment. Currently I am using LDAP for Authorization. When testing against ISE, I am unable to authorize users without changing the the Authorization setting to ISE on my ASA. Problem is we use LDAP to make sure the user is in the right group for access. We aren't using ISE in an Active Directory setting. Is there a way I can trigger ISE to do the Posture Assesment without having to change my current Authorization scheme to ISE?

Marvin Rhoads · ‎01-15-2015

You might be able to get it working using the AD server as the first authentication and ISE for the second one - sort of a 2-factor authentication model. As I understand it, you're really making a decision to authenticate with AD, not an authorization decision per se.

Why not integrate ISE with AD and use it for both group validation and posture assessment? That's a common deployment scenario.

Daniel Jones · ‎01-15-2015

I agree about integrating, but that is not an option at the moment for some reason. To clarify, not an option by management

Marvin Rhoads · ‎01-15-2015

Layer 8 issues are often the most problematic ones.

Daniel Jones · ‎01-15-2015

Actually we Authenticate using a Cert...we authorize using LDAP based on user credentials present on the Cert

ISE Authorization