Lab Minutes Forum

Technical Discussion => Security => Topic started by: santoshcsco on August 04, 2015, 10:29:41 PM

Title: ISE CoA for Anyconnect VPN
Post by: santoshcsco on August 04, 2015, 10:29:41 PM
Hi,

this is the requirement,
Single Anyconnect Profile :
Using ISE for authentication and authorization with dynamic IP assignment based on the OU groups to remote users.

can this be done.. i know this can be done using parameter-map on ASA, but can we leverage on ISE for this.

 
Title: Re: ISE CoA for Anyconnect VPN
Post by: MC on August 05, 2015, 05:53:50 AM
That should be possible. You would have multiple group-policy on the ASA. Based on auth result, you can use Radius class attribute in auth profile to assign user to group-policy. All user will use the same anyconnect client profile (ie tunnel- group)
SimplePortal 2.3.7 © 2008-2024, SimplePortal