Hello together,
in our new environment we use a CISCO ISE together with Microsoft AD and for our mobile workers a Cisco ASA-VPN with Anyconnect Clients.
At the moment the Auth Mode is IWA with Kerberos Auth and SingleSignOn.
The Mobile Workers can´t use Kerberos via VPN, because they are no Domain-Members. So we try to use Radius-Accounting with the ASA-VPN and
want to use the ISE SGT to give the right permissions in the ruleset.
Has anyone tried this?
regards
Thorsten