Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
723
Views
0
Helpful
3
Replies

ACS to ISE config issues

Si
Level 1
Level 1

‎02-26-2014 08:23 AM - edited ‎03-10-2019 09:27 PM

Hi,
Im trying to migrate VPNS from ACS to ISE but i cannot quite get used to the ISE.

Below is a picture of my Authentication rule id like replicating on ISE but so far i have had no joy. Any points would be greatly received.

If the network source IP is trusted Rule 1 is hit and ISS is just use AD

If the network source IP is untrusted Rule 2 is hit and ISS is just use OTP Then AD

Im not 100% on the authorisation aspect either.

I think im want something along the lines of Ad:Group/x/x/x/x and TunnelGroup xxx = Permit/Apply ACL else Deny

I can pass authentiation from the ASA to ISE, one thing i have noticed in the aaa report, in the AV pairs the tunnel group name is not listed.

Many thanks in advance

S

VPN.jpg

Labels:
0 Helpful
3 Replies 3

blenka
Level 3
Level 3

‎02-26-2014 10:29 AM

please find the link below may help you.

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_guest_pol.html#wp1554378

0 Helpful

Si
Level 1
Level 1
In response to blenka

‎02-27-2014 12:11 AM

Hi Basant,

I dont think thats quite what im looking for. I need to work out how to add new rules for IPsec VPN tunnels and SSL VPN

0 Helpful

Muhammad Munir
Level 5
Level 5

‎02-27-2014 06:49 AM

Hi

FYI

Cisco Secure ACS and Cisco ISE exist on different hardware platforms and have  different operating systems, databases, and information models. Therefore, you  cannot perform a standard upgrade from Cisco Secure ACS to Cisco ISE. Instead,  the Cisco Secure ACS to Cisco ISE Migration Tool reads data from Cisco Secure  ACS and creates corresponding data in Cisco ISE.

For migrating the policies, and all other information, please visit the following link particularly the chapter 3,4,5:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/migration_guide/ise_migration_guide/ise_mig_preface.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents