Cisco ISE with VPN routers(800) and wireless clients
I am using the wireless endpoints over VPN routers (800). Cisco ISE is being used for the authentication. Dynamic authorization (second phase) doesn't kick in for the wireless users, and posture validation doesn't happen for these users. Service-type login is being used by the VPN routers instead of dot1x.
Machine authentication kicks in, but not user authentication.
Has anyone succeeded in implementing posture validation over VPN routers (800) for wireless users?
I am afraid you won't be able to perform posture assessment with that hardware. You could probably get it to work with an IPEP (Inline Posture Node), but for that you will have to purchase a dedicated ISE appliance. By the time you are done doing that, you would be better off getting a Cisco 2504 controller to replace the wireless functionality. The 2504 is fully supported for all ISE features, so it will make your life a lot easier :)
It is just not a supported platform. I think what it boils down to is the support for CoA (Change of Authorization), which is defined under RFC 3576 and RFC 5176. I have never worked with the 877 platform and I don't have one to test with, but from what I am able to find, there is either no support for CoA or it is a limited one.