Monday, November 30, 2020

Cisco ISE Setting for AV-PAIR for an ACL

I've configured AnyConnect on an FTD. Basically, my auth goes via ISE, and my ISE has a policy-set binding an AD group check to verify I'm a member of a group policy. If I am, then I've configured ISE to use the attribute below to assign me a pool (which is a pool configured on the FMC).

Cisco-VPN3000:CVPN3000/ASA/PIX7x-Address-Pools: POOL-XYZ-ON-FMC

So basically, I can assign different pools to people based on their group policy. What I want to do in addition to this (and I'm quite confident it will be a setting on this same page) is assign an access-list name that will be applied on this same group-policy check. It simply just needs to state: if authenticated, use an ACL named XYZ, which will be an ACL I have configured on the FMC (not an ACL I have configured on ISE). What is that option I need to find (what AV pair is it)? I initially thought it would be the tick-box named "ACL (Filter-ID)" in the common tasks section of the authorisation profiles; this did not work. So I must just be needing to set this via an AV-PAIR.

The goal is simply to get an ACL that will be applied for a user based on their ISE auth, and either override the existing ACL in the policy for that box, or get it to work in conjunction with the existing policy as an additional check.
