cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1342
Views
10
Helpful
5
Replies

ISE-PIC integration options

imihajlo
Cisco Employee
Cisco Employee

Hello,

Could you please advise me today what we can integrate ISE-PIC with?

We can integrate ISE-PIC with FMC and Stealthwatch - is that integration using pxGrid only? Can we out of this integration use just user identities or this is just for SGT exchange? Can we via pxGrid integration obtain from ISE-PIC just IP address to usernames mappings?

How about integration with ASA? We used to have CDA which we were integrating with ASA for IDFW feature. Does that work today with ISE-PIC in place of CDA?

Do we have any guides please around ISE-PIC integrations?

Many Thanks

Ivana

2 Accepted Solutions

Accepted Solutions

Timothy Abbott
Cisco Employee
Cisco Employee

Hi,

The only integration options for ISE-PIC are FMC and StealthWatch using pxGrid.  ISE-PIC sends user to IP mappings only since it does not support active authentication (802.1X, SGT assignment, etc.).  For IDFW, you will need to continue using CDA as ISE-PIC currently lacks the RADIUS interface ASA requires to learn identity.

Regards,

-Tim

View solution in original post

ISE-PIC still lacks the CDA RADIUS interface that the ASA needs to pull identity.

Regards,
-Tim

View solution in original post

5 Replies 5

Timothy Abbott
Cisco Employee
Cisco Employee

Hi,

The only integration options for ISE-PIC are FMC and StealthWatch using pxGrid.  ISE-PIC sends user to IP mappings only since it does not support active authentication (802.1X, SGT assignment, etc.).  For IDFW, you will need to continue using CDA as ISE-PIC currently lacks the RADIUS interface ASA requires to learn identity.

Regards,

-Tim

Thanks Tim

Regards,

Ivana

Ivana Mihajlovic

Customer Success Manager

Cisco CCIE Security, ISC2 CISSP, ISC2 CCSP, AWS Certified Solution Architect - Associate, TOGAF 9, ITIL, Proact BOST Bronze, Master Project Management

Cisco Systems, Inc.

Pegasus Parc De kleetlaan 6a

DIEGEM 1831 Belgium

imihajlo@cisco.com

Hi,

 

i was wondering if the ISE-PIC  integration is still not supported on ASA until now !

i have a case where the customer asking me the same question, but i can not find an updated document about it.

 

thank you.

-Ashraf

ISE-PIC still lacks the CDA RADIUS interface that the ASA needs to pull identity.

Regards,
-Tim

Dear Tim,

 

thank you for you help, appreciate your fast response.

 

thanks,

Ashraf

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: