ISE IPN, ASA VPN, RSA authentication, and different locales
My customer is using an ASA VPN with RSA authentication. They would also like to use the IPN for posturing. While i have this working, the problem comes in when a user in a different country establishes VPN to the ASA (All VPN worldwide terminate into a single ASA), the locales do not match. The problems i am facing are that if the user already has a previous install of the NAC agent, it conflicts with the locale that ISE is attempting to install. If the user does not have NAC, it redirects them to the english portal to install it (not good when they only speak Chinese). From my understanding, RSA does not have an attribute that can be passed back which can be used to associate a user to a group, or at least there is no configurable one in ISE. The only option i can think of is to create separate profiles, but then is there a way to tell ISE which profile is being used? OR use a single profile and have RSA pass some attribute back to the ASA, which the ASA can then pass to ISE to associate to a group to which a locale can be associated...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...