RE: Machine authentication with Remote VPN (AnyConnect)

kajal — Tue, 23 Apr 2024 14:19:20 +0000

To configure machine authentication in Cisco ISE (Identity Services Engine), follow these steps:

1. Log in to the Cisco ISE admin portal.
2. Go to "Administration" > "Identity Management" > "Identity Sources".
3. Click "Add" and select "Active Directory" (or your desired identity source).
4. Configure the identity source settings (e.g., domain, username, password).
5. Go to "Policy" > "Authentication" > "Machine Authentication".
6. Click "Add" and select the desired authentication protocol (e.g., EAP-TLS, PEAP).
7. Configure the authentication settings (e.g., certificate requirements, authentication order).
8. Go to "Policy" > "Authorization" > "Machine Authorization".
9. Click "Add" and select the desired authorization policy (e.g., permit or deny access).
10. Configure the authorization settings (e.g., conditions, permissions).
11. Go to "Administration" > "Network Resources" > "Network Devices".
12. Click "Add" and select the device type (e.g., switch, router).
13. Configure the device settings (e.g., IP address, authentication protocol).
14. Save and apply the changes.

This configuration enables machine authentication in Cisco ISE, allowing devices to authenticate and authorize access to the network.

Machine authentication with Remote VPN (AnyConnect)

Ivan Lon — Thu, 11 Apr 2024 13:07:17 +0000

Anyconnect clients establish VPN tunnels to firewall and are authenticated using an AD . For AD, the ASA sends the authentication request to ISE which is integrated with AD. Clients are associated to different group-policies depending on which AD group they belong to.

We would like to add machine authentication to this, is is possible to additionally check that the client machine is also present and active in AD?

Machine authentication with Remote VPN (AnyConnect) - Cisco Firewall

RE: Machine authentication with Remote VPN (AnyConnect)

Machine authentication with Remote VPN (AnyConnect)