AnyConnect Authentication Requests Not Making It to ISE
Hello, I configured my ASA and ISE to do group-based authentication for the AnyConnect users, but I'm not seeing the requests hit ISE at all. I attached my ASA config. On ISE I created a new policy set that looks for requests coming from device type = firewalls and nas-port-type = virtual, an authentication rule that looks in AD, and in my authorization rules I'm matching based on external groups pulled from AD, and lastly an authorization profile that has class-25 set to the group-policy configured on my ASA. Can you please look this over for me?