Thursday, August 30, 2018

Assign VPN Pool From ISE

I have a 2130 Firepower box, and I have 3 local IP pools (staff, student, admin) for AnyConnect. When a user authenticates, I want the ISE server to determine the name of the local pool to be used, depending on the AD group of the user. ISE then sends a RADIUS message to the ASA with instructions on which pool of IP addresses the client should be allocated an IP address from, based on the pool name (determined by ISE).

The ISE server is already set up to get this working, just with ASAs. The RADIUS attribute in ISE is set to "Radius-Cisco VPN 3000/ASA/PIX7.x" to get it working. An example of what I'm talking about is shown in a forum post by another user below, from when ACS was the main product before ISE.

https://community.cisco.com/t5/policy-and-access/question-how-to-assign-vpn-ip-to-vpn-client-user-using-acs-5-4/td-p/2227147

However, how do I configure the Firepower side for this, and is this RADIUS attribute still the same one I need to configure on the ISE server for the Firepower boxes to work?


