Cisco Identity Services Engine 1.0.4 Technical Manual
● Cisco Adaptive Security Appliance (ASA) VPN configuration
● Cisco AnyConnect Secure Mobility Client configuration
● Cisco FirePower Management Center basic configuration
● Cisco ISE configuration
● Cisco TrustSec solutions
Components Used
The information in this document is based on these software and hardware versions:
● Microsoft Windows 7
● Microsoft Windows 2012 Certificate Authority (CA)
● Cisco ASA Version 9.3
● Cisco ISE software Versions 1.4
● Cisco AnyConnect Secure Mobility Client Versions 4.2
● Cisco FirePower Management Center (FMC) Version 6.0
● Cisco FirePower NGIPS Version 6.0
Configure
FirePower Management Center (FMC) is the management platform for FirePower. There are two
types of functionalities related to ISE integration:
● Remediation - allows FMC to quarantine the attacker via ISE, which dynamically changes the
authorization status on the access device, providing limited network access. There are two
generations of this solution:
  1. Legacy perl script using Endpoint Protection Service (EPS) API call to ISE.
  2. Newer module using pxGrid protocol call to ISE (this module is supported only in version 5.4
  - not supported in 6.0, native support planned in 6.1).
● Policy - allows FMC to configure policies based on TrustSec Security Group Tags (SGT).
This article focuses on the second functionality. For a Remediation example, please read the
references section.
Network Diagram