collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: ISE integration with Firepower with pxGrid  (Read 5339 times)

Offline Mikep

  • Cisco Newbie
  • *
  • Posts: 21
  • Reputation: 5
  • Certification: CCNP
ISE integration with Firepower with pxGrid
« on: April 25, 2016, 05:56:16 PM »
Hey MC,

I was curious if you have had a chance to lab this up yet? I just haven't had time and can't in prod.

Right now for wireless clients there is no AD log on/log off event so the CDA can't map user to IP for wireless users.  This is problematic with WSA and will be with out firepower when we upgrade our ASA's

I'm curious with pxGrid if ISE will be able to map wireless users to IP and have that context used in firepower? Or is it pretty much a glorified CDA and can only see AD events and use those?


Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 398
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: ISE integration with Firepower with pxGrid
« Reply #1 on: April 25, 2016, 09:38:05 PM »
ISE publish endpoint identity from two sources; RADIUS/802.1X and Identity mapping from AD (like CDA). If your users authenticates against ISE whether they are wired/wireless/VPN, ISE will send the user info into the pxGrid for other subscriber to consume. So yes, your WSA or FP should be able to see the username/IP.

 

Related Topics

  Subject / Started by Replies Last post
1 Replies
5693 Views
Last post September 03, 2014, 01:17:22 AM
by MC
6 Replies
15728 Views
Last post July 20, 2015, 07:48:48 AM
by amsa
9 Replies
16923 Views
Last post August 16, 2016, 11:25:04 PM
by MC
4 Replies
8612 Views
Last post March 09, 2016, 11:14:56 PM
by MC
3 Replies
6917 Views
Last post April 05, 2016, 10:03:24 PM
by MC

SimplePortal 2.3.7 © 2008-2024, SimplePortal