Cisco Support Community
Community Member

How to use ISE for VPN auth

Hello

Looking for documentation on how to set up ISE to authenticate VPN users. Right now we are using ACS 4.2 to provide dACL and authentication but would like to migrate this feature to ISE. We are using Microsoft AD.

Any good docs, white papers, field notes, how-to that can address this issue will be appreciated.

Thanks

1 REPLY
Community Member

How to use ISE for VPN auth

We use the ISE for VPN (connection with OpenLDAP). On the authentication policy you have multiple options. We used the Network Access - Device IP Address option. On the Authorization tab we again used the IP address option in combination with an LDAP attribute where there was a definition of the status of the person (student, teacher, admin, ...). On the Policy Elements tab we made some authorization profiles in Results - Authorization - Authorization Profiles. When you make a new profile you can select the ASA VPN attribute under Common Tasks. There you can, for example, insert admin.

So if you have an admin user that wants to log in:

Authentication: user found in LDAP (or AD)

Authorization:

- user is coming from the ASA IP address
- user attribute is admin

= user is authorized for the admin class on your ASA VPN device.
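
The ASA side of the setup described in the reply, as an added example that is not part of the original thread: it assumes the value entered in the ISE ASA VPN attribute reaches the ASA as RADIUS Class (attribute 25) and is matched against a group-policy name. The server name, address, interface, tunnel-group name and the NOACCESS policy are constructed placeholders.

```text
! Added example. ISE, 192.0.2.10, inside, VPN-USERS and NOACCESS are
! constructed names and values, not taken from the thread.
aaa-server ISE protocol radius
aaa-server ISE (inside) host 192.0.2.10
 key <shared-secret>
!
! Default policy for the tunnel group: a user for whom ISE returns no
! matching class lands here and cannot open a session.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Policy applied when ISE returns "admin" in the ASA VPN attribute.
group-policy admin internal
group-policy admin attributes
 vpn-simultaneous-logins 3
!
tunnel-group VPN-USERS type remote-access
tunnel-group VPN-USERS general-attributes
 authentication-server-group ISE
 default-group-policy NOACCESS
```

The ASA's address must also be defined as a network device in ISE with the same shared secret, since the authorization rule in the reply matches on the device IP address.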
