Cisco Support Community

Using Cisco ISE - Inline Posture Node in Bridged or Routed mode?

Hi all,

If this post is in the wrong forum, then please let me know and I will move it to the correct forum.

I am intending to use a Cisco ISE Inline Posture Node for our VPN clients coming in through our ASA device. I'd like to know whether any functionality is lost when using the Inline Posture Node as an L3 routed device or an L2 bridged device.

My preferred method, as I understand it, would be to go L2 mode so that I do not have to change any network addressing and the device can sit "inline" on my VLANs.

I would be grateful for any information on this.

Thanks

Mario

2 REPLIES


It all depends on your setup. For L2 mode you will have to assign a VLAN to your clients that come in on a specific group policy, and that VLAN must be the VLAN that terminates on the untrusted interface of your iPEP. From there the VLAN mapping occurs, taking those VPN clients from that GP VLAN to a production VLAN where they are routed through whatever access is permitted in your authorization policies.

Basically we would have users from the 10.x.x.x network map to VLAN 10 on the ASA group policy. From there the actual routable VLAN is 100, so from the iPEP (posture node) we will set up the VLAN mapping so that all traffic is forced through the iPEP and through your production network.

Thanks,

Tarik Admani


Hi Tarik,

I know that it has been a while. We are going to be doing a Proof Of Concept with the ISE next week and I was wondering whether there are any recommended guides for setting up the ISE with the ASA for inline posturing and profiling of VPN clients?

Thanks

Mario
