I am currently playing around with the updated ISE 1.1 and tried out the new NMAP probe feature.
Is there any possibility to alter or expand the features of the NMAP implementation in the ISE, like additional scripts etc.
My main concern is to find a non obtrusive way to gain information about endpoints, without the user to do anything as opposed to opening a web page to ISE for a HTTP probe. So far the NMAP probe helped me a bit with iDevice recognition.
As of now the nmap probe doesnt allow any user scripts to fire when an condition is matched. You can get in contact with the account team and they will be able to file a feature enhancement or see if it is on the roadmap for a future release.
what I am looking for is to gain information about devices, which are connected to our network.
Let's say a device connects. At first I can only get basic information. Is it an Apple device, MS Workstation, VMWare device etc.
Now I want to dig further and find out, if for example this MS workstation is a WinXP or Win7 client.
All this should happen under the premise that no user intervention must happen.
I can achieve this by collecting HTTP probes, but this would require the user to open a web browser first, before anything else works (similar to web authentication) as I have not found another way to push the HTTP traffic to the ISE when not using the RADIUS NAC feature on the WLC.
Users in the current company WLAN are not required to do this and it should continue.
Patrick, I agree with Tarik that Cisco should enhance ISE in this way. Other NAC products can do this with no problem. No user involvement is needed, no agents are needed, no HTTP browser is needed. For example, here is the host-based information that ForeScout’s NAC product can give you: http://goo.gl/VhIWC
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :