Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Using ISE to assign ACL's for VPN users

Hi,

I've just implemented ISE into our environment using various documents and videos found online but have not been able to find anything about using ISE to Authenticate remote users via VPN and assigning them the ACL's created for thewir level of network access.

Does anyone know of a good document or training video knocking about that I can use?

Thanks

Jason

1 REPLY

Using ISE to assign ACL's for VPN users

Jason,

If the ACL is present on the ASA you can use the "filter-id" radius attribute to reference the acl to the user's session. You can make this work by configuring an authorization profile and tying this in with your authorization policy for vpn users.

If you want to push an acl then my recommendation is to use the cisco-av-pairs to push the acls since the username is associated with the acl that is applied to the username of the vpn session.

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ref_extserver.html#wp1763743

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
145
Views
1
Helpful
1
Replies
CreatePlease to create content