Cisco ISE Vpn client authentication

teymur azimov · ‎01-16-2014

Hi dears,

i want vpn cleint authenticate from ISE server. In ISE server external identity source is Active directory. I configurate vpn client in ASA.

I read and understand that i must configurate Inline Posture node in ISE.

I confuse something.

1. Must i need a license for inline posture?

2. how is it work?

3. have the other deployment for vpn client authenticate from ISE?

Thanks.

bcarroll · ‎01-22-2014

IPN is a physical ISE device. It does not work in a VM.

Licenses are centrally managed by the Administration node. Inline Posture and Policy Service nodes do not require separate licenses. If you have two Administration nodes deployed in a high-availability pair, you can obtain a license based on the hardware IDs of both the primary and secondary Administration nodes. After you obtain the license, add it only to the primary Administration node. The license gets replicated to the secondary Administration node.

http://www.cisco.com/en/US/docs/security/ise/1.2/installation_guide/ise_deploy.html#wp1151546

Regards,

Brandon

Anas Naqvi · ‎01-29-2014

Hello Teymur,

Following link might be helpful.

http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bea904.shtml

teymur azimov · ‎02-09-2014

Thank you very much to reply me.

I have one question. The Cisco ISE physically connect to Core SW(Cisco catalyst 6513-Ein vss).

All access switches connected to core sw. I want to wired and wireless users authenticated form ISE server with 802.1x authentication protocols.

My users and access pint connect to access switch.

I must confiure 802.1x in access switch. Do i need do any configuration 802.1x in CORE sw?

Thanks.