Cisco ISE 2.1 Updates & New Features !

ISE
Cisco has released the latest version of its access control and identity management software, Identity Services Engine (ISE) 2.1. Release Notes can be found here. I'll just post high-level information about some of the additional features of ISE 2.1, as it's a beefy version with a lot of exciting new features to get you started with. Without further ado, let's dive into the features list. Customizable Dashboard: You can create a new dashboard and add any of the dashlets that you need to the dashboard. You can customize the tabs, dashlets, and layout. You can drag and drop dashlets, export data from a dashboard as an Excel or PDF file, and provide role-based access control for the dashlets. There are a number of different dashboards, i.e. Summary Dashboard,…
FlexVPN Remote Access VPN using EAP Authentication via Cisco Identity Services Engine (ISE)

ISE, VPN
This is one of the many scenarios covered in the Lab technology guides section HERE. We will set up an AnyConnect client connected to an IOS device using IKEv2, with EAP as the authentication method for the client. The responder, or IOS device, must use a certificate for authentication. We will perform user authentication using EAP. The AnyConnect client user will be configured on the RADIUS server (Cisco Identity Services Engine in this case), and authentication and authorization will be performed accordingly. We will use a Windows XP host with AnyConnect Secure Mobility Client v4 installed to perform this scenario, based on the sample topology diagram below. Here's a snippet of the ISE configuration steps: Set up Network Device in ISE for HQ RTR under Administration -> Network Resources -> Network Devices. Create RA VPN user as and…
Cisco ISE 2.0 Support for TACACS+ & additional features

ISE
Cisco Identity Services Engine (ISE) 2.0 came with a lot of new features, the most popular being support for Device Administration via TACACS+. Here is a list of the new features that come bundled with ISE 2.0 according to the official release notes listed HERE. Further details are listed below. Device Administration via TACACS+: ISE can now leverage the TACACS+ security protocol to control and audit the configuration of network devices. This requires an additional license [Device Administration license] to use the TACACS+ service. An ISE administrator can create policy sets that allow TACACS results, such as command sets and shell profiles, to be selected in authorization policy rules in a device administration access service. Third-Party Device Support: Many more third-party vendors have been added to the Device Support list…
2 Factor authentication for Cisco VPN Solutions

ACS, ISE
Generally, two approaches are widely used in networks today for user credential management: username-and-password-based authentication and/or certificate-based authentication. The first approach is easier to manage, but if you choose easy passwords or your passwords are stolen, your identity can be compromised. The second approach requires a little bit of management overhead but offers the most security, since your identity certificates can't be forged that easily. However, if the laptop that has your certificate installed gets stolen, your identity is compromised. Both methods offer a single layer of authentication. Using any of the above methods alone, your identity can be compromised. Despite losing user credentials (someone decoding your company's global VPN Client group authentication key from the Cisco VPN Client PCF file – ) or…