Cisco Cisco ASA 5515-X Adaptive Security Appliance - No Payload Encryption 문제 해결 가이드
Differentiate Authentication Types on ASA
Platforms for Policy Decisions on ISE
Platforms for Policy Decisions on ISE
Document ID: 115962
Contributed by Beau Wallace, Cisco TAC Engineer.
Mar 03, 2013
Mar 03, 2013
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
RADIUS VSA 3076/150 Client−Type Attribute
Configure
Step 1
Step 2
Verify
Related Information
Prerequisites
Requirements
Components Used
Conventions
RADIUS VSA 3076/150 Client−Type Attribute
Configure
Step 1
Step 2
Verify
Related Information
Introduction
This document describes how to configure Cisco Identity Services Engine (ISE) to utilize the Client−Type
RADIUS Vendor−Specific Attribute (VSA) in order to differentiate multiple types of authentication used on
the Cisco Adaptive Security Appliance (ASA). Organizations often require policy decisions based on the way
the user is authenticated to the ASA. This also allows you to apply policy to received management
connections on the ASA, which allows us to use RADIUS in place of TACACS+, when prudent.
RADIUS Vendor−Specific Attribute (VSA) in order to differentiate multiple types of authentication used on
the Cisco Adaptive Security Appliance (ASA). Organizations often require policy decisions based on the way
the user is authenticated to the ASA. This also allows you to apply policy to received management
connections on the ASA, which allows us to use RADIUS in place of TACACS+, when prudent.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
ISE authentication and authorization.
•
ASA authentication methods and RADIUS configuration.
•
Components Used
The information in this document is based on these software and hardware versions:
Cisco Adaptive Security Appliance Release 8.4.3.
•
Cisco Identity Services Engine Release 1.1.
•
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.