03-13-2018 03:01 PM - edited 03-01-2019 08:44 AM
Hello, I configured my ASA and ISE to do group based authentication for the anyconnect users but I'm not seeing the requests hit ISE at all. I attached my ASA config and on ISE I created a new policy set that looks for requests coming from device type = firewalls and nas-port-type= virtual, authentication rule that looks in AD and in my authorization rules I'm matching based on external groups pulled from AD, and lastly an authorization profile that has class-25 set to the group-policy configured on my ASA. Can you please look this over for me?
Solved! Go to Solution.
03-28-2018 07:07 AM
I figured out that I shouldn't disable the tunnel-group-list under webvpn for this to work the way I configured it.
03-20-2018 05:35 AM
03-28-2018 07:07 AM
I figured out that I shouldn't disable the tunnel-group-list under webvpn for this to work the way I configured it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: