
Using ISE with Microsoft Direct Access (DA) VPN

angogate
Level 1

We have a customer evaluating ISE for his global deployment. They are currently using Microsoft Direct Access as their VPN solution. Can we use ISE as a policy engine for VPN users while he continues to use Microsoft Direct Access as their VPN?


Jason Kunst
Cisco Employee

If you're looking at pointing their VPN solution to use for RADIUS AAA, then yes, it should work via standard RADIUS support. Not really sure what you're gaining by doing this, as to me it would seem that just using Microsoft DA against AD would be enough? Unless the solution requires RADIUS?

Microsoft Direct Access requires special servers that terminate the IPsec tunnel and then forward access to their services.

For ISE posture services:

ASA VPN supports RADIUS CoA and URL redirect to correctly work with ISE posture.

Otherwise, for a non-Cisco deployment you would use the following setup:

ISE requires special setup to work with IPN (Inline Posture Node), where the RADIUS server needs to talk to ISE.

Cisco Identity Services Engine User Guide, Release 1.2 - Setting up Inline Posture [Cisco Identity Services Engine] - Ci…

Keep in mind if you are on ISE 2.0 or plan to upgrade to 2.0, IPNs are no longer supported.

It is best to design ISE without IPNs at this point as ISE 2.0 and above will see an increase in 3rd party devices support.

Very good point

We will be making third-party support better in future releases, but it is not likely to help with Microsoft Direct Access. Will direct to the team to make sure.
