Forum Discussion

Parveez_70209's avatar
Parveez_70209
Icon for Nimbostratus rankNimbostratus
Jul 11, 2018

Integration with CISCO_ISE_APM

Hi Team,

 

We utilized F5_APM for SSL_VPN, which is integrated with CISCO_ISE.

 

Query 1.

 

1.1 User-Database is managed by ISE, whether its Local or AD and its passed to F5 using Class Attributes, but F5 is failing to fetch any Dynamic ACL's created jn ISE, is there any suggestion , basically we wanted to put some Access-List based restrictions ?

 

1.2 Whenever we enable Password Change option at next Login' in Cisco ISE, F5 don't understand this and the authentication fail ?

 

  1. If point 1 is not possible, as an alternative we created Access-List in F5_APM under Access Module,but is there no option to call any Group(where we can combine the destinations ?)

For example by using Data-Groups and somehow reference that in APM SSL-VPN Policy/Profile/VIP?

 

Regards PZ