Cisco Support Community
Community Member

ISE IPN, ASA VPN, RSA authentication, and different locales

My customer is using an ASA VPN with RSA authentication. They would also like to use the IPN for posturing. While i have this working, the problem comes in when a user in a different country establishes VPN to the ASA (All VPN worldwide terminate into a single ASA), the locales do not match.  The problems i am facing are that if the user already has a previous install of the NAC agent, it conflicts with the locale that ISE is attempting to install.  If the user does not have NAC, it redirects them to the english portal to install it (not good when they only speak Chinese). From my understanding, RSA does not have an attribute that can be passed back which can be used to associate a user to a group, or at least there is no configurable one in ISE.  The only option i can think of is to create separate profiles, but then is there a way to tell ISE which profile is being used?  OR use a single profile and have RSA pass some attribute back to the ASA, which the ASA can then pass to ISE to associate to a group to which a locale can be associated...

Any ideas?

Everyone's tags (1)
CreatePlease to create content