Lab Minutes Forum
Technical Discussion => Security => Topic started by: santoshcsco on August 04, 2015, 10:29:41 PM
-
Hi,
this is the requirement,
Single Anyconnect Profile :
Using ISE for authentication and authorization with dynamic IP assignment based on the OU groups to remote users.
can this be done.. i know this can be done using parameter-map on ASA, but can we leverage on ISE for this.
-
That should be possible. You would have multiple group-policy on the ASA. Based on auth result, you can use Radius class attribute in auth profile to assign user to group-policy. All user will use the same anyconnect client profile (ie tunnel- group)