Technical Manual for Cisco Identity Services Engine 1.0.4

VPN Inline Posture using iPEP ISE and ASA
Document ID: 115724
Contributed by Bastien Migette, Cisco TAC Engineer.
Mar 19, 2013
Contents
Introduction
 Prerequisites
      Requirements
      Components Used
      Conventions
 Background Information
 Basic Flow
      Example Topology
 ASA Configuration
 ISE Configuration
      iPEP Configuration
 Authentication and Posture Configuration
      Posture Profiles Configuration
      Authorization Configuration
 Result
 Related Information
Introduction
This document provides information on how to set up inline posture with an Adaptive Security Appliance
(ASA) and an Identity Services Engine (ISE).
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on version 8.2(4) for the ASA and version 1.1.0.665 for the ISE.
Conventions
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
Background Information
The ISE provides many AAA services (posture, profiling, authentication, and so on). Some Network Devices
(NADs) support RADIUS Change of Authorization (CoA), which allows the authorization profile of an end
device to be changed dynamically based on its posture or profiling result. Other NADs, such as the ASA, do
not support this feature yet. This means that an ISE running in Inline Posture Enforcement mode (iPEP) is
needed to dynamically change the network access policy of an end device.