Home > Cisco > Interface > Cisco Ise 13 User Guide

Cisco Ise 13 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Ise 13 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 451

    Page 451 Posture Conditions Apostureconditioncanbeanyoneofthefollowingsimpleconditions:afile,aregistry,anapplication,a service,oradictionarycondition.Oneormoreconditionsfromthesesimpleconditionsformacompound condition,whichcanbeassociatedtoaposturerequirement. WhenyoudeployCiscoISEonyournetworkforthefirsttime,youcandownloadpostureupdatesfromthe webforthefirsttime.Thisprocessiscalledtheinitialpostureupdate. Afteraninitialpostureupdate,CiscoISEalsocreatesCiscodefinedsimpleandcompoundconditions.Cisco... 
    Posture Conditions
Apostureconditioncanbeanyoneofthefollowingsimpleconditions:afile,aregistry,anapplication,a
service,oradictionarycondition.Oneormoreconditionsfromthesesimpleconditionsformacompound
condition,whichcanbeassociatedtoaposturerequirement.
WhenyoudeployCiscoISEonyournetworkforthefirsttime,youcandownloadpostureupdatesfromthe
webforthefirsttime.Thisprocessiscalledtheinitialpostureupdate.
Afteraninitialpostureupdate,CiscoISEalsocreatesCiscodefinedsimpleandcompoundconditions.Cisco...

    Page 452

    Page 452 Procedure Step 1ChoosePolicy>PolicyElements>Conditions>Posture. Step 2Chooseanyoneofthefollowing:File,Registry,Application,Service,orDictionarySimpleCondition. Step 3ClickAdd. Step 4Entertheappropriatevaluesinthefields. Step 5ClickSubmit. Compound Posture Conditions Compoundconditionsaremadeupofoneormoresimpleconditions,orcompoundconditions.Youcanmake useofthefollowingcompoundconditionswhiledefiningaPosturepolicy. •CompoundConditions—Containsoneormoresimpleconditions,orcompoundconditionsofthetype... 
    Procedure
Step 1ChoosePolicy>PolicyElements>Conditions>Posture.
Step 2Chooseanyoneofthefollowing:File,Registry,Application,Service,orDictionarySimpleCondition.
Step 3ClickAdd.
Step 4Entertheappropriatevaluesinthefields.
Step 5ClickSubmit.
Compound Posture Conditions
Compoundconditionsaremadeupofoneormoresimpleconditions,orcompoundconditions.Youcanmake
useofthefollowingcompoundconditionswhiledefiningaPosturepolicy.
•CompoundConditions—Containsoneormoresimpleconditions,orcompoundconditionsofthetype...

    Page 453

    Page 453 forupdates.Theantivirusandantispywarevendorsfrequentlyupdateantivirusandantispywaredefinition files,lookforthelatestversionanddateinthedefinitionfilesforeachvendorproduct. Eachtimetheantivirusandantispywaresupportchartisupdatedtoreflectsupportfornewantivirusand antispywarevendors,products,andtheirreleases,theNACAgentsreceiveanewantivirusandantispyware library.IthelpsNACAgentstosupportneweradditions.OncetheNACAgentsretrievethissupport... 
    forupdates.Theantivirusandantispywarevendorsfrequentlyupdateantivirusandantispywaredefinition
files,lookforthelatestversionanddateinthedefinitionfilesforeachvendorproduct.
Eachtimetheantivirusandantispywaresupportchartisupdatedtoreflectsupportfornewantivirusand
antispywarevendors,products,andtheirreleases,theNACAgentsreceiveanewantivirusandantispyware
library.IthelpsNACAgentstosupportneweradditions.OncetheNACAgentsretrievethissupport...

    Page 454

    Page 454 •IntheStandardSettingsarea,specifythetimeanddatetoprovideaccess. •IntheExceptionsarea,specifythetimeanddaterangetolimitaccess. Step 3ClickSubmit. Cisco Identity Services Engine Administrator Guide, Release 1.3 408 Create Time and Date Conditions 
    •IntheStandardSettingsarea,specifythetimeanddatetoprovideaccess.
•IntheExceptionsarea,specifythetimeanddaterangetolimitaccess.
Step 3ClickSubmit.
   Cisco Identity Services Engine Administrator Guide, Release 1.3
408
Create Time and Date Conditions

    Page 455

    Page 455 CHAPTER 19 Manage Authentication Policies •CiscoISEAuthenticationPolicies,page409 •SimpleAuthenticationPolicies,page412 •Rule-BasedAuthenticationPolicies,page414 •ProtocolSettingsforAuthentication,page419 •NetworkAccessService,page422 •CiscoISEActingasaRADIUSProxyServer,page424 •PolicyModes,page426 •ConfigureaSimpleAuthenticationPolicy,page427 •ConfigureaRule-BasedAuthenticationPolicy,page428 •PolicySets,page429 •AuthenticationPolicyBuilt-InConfigurations,page431 •ViewAuthenticationResults,page433 Cisco... 
    CHAPTER 19
Manage Authentication Policies
•CiscoISEAuthenticationPolicies,page409
•SimpleAuthenticationPolicies,page412
•Rule-BasedAuthenticationPolicies,page414
•ProtocolSettingsforAuthentication,page419
•NetworkAccessService,page422
•CiscoISEActingasaRADIUSProxyServer,page424
•PolicyModes,page426
•ConfigureaSimpleAuthenticationPolicy,page427
•ConfigureaRule-BasedAuthenticationPolicy,page428
•PolicySets,page429
•AuthenticationPolicyBuilt-InConfigurations,page431
•ViewAuthenticationResults,page433
Cisco...

    Page 456

    Page 456 •IdentitySource—Anidentitysourceoranidentitysourcesequencetobeusedforauthentication. Afterinstallation,adefaultidentityauthenticationpolicyisavailableinCiscoISEthatisusedfor authentications.Anyupdatestotheauthenticationpolicywilloverridethedefaultsettings. Policy Condition Evaluation Duringpolicyconditionevaluation,CiscoISEcomparesanattributewithavalue.Itispossibletorunintoa situationwheretheattributespecifiedinthepolicyconditionmaynothaveavalueassignedintherequest.... 
    •IdentitySource—Anidentitysourceoranidentitysourcesequencetobeusedforauthentication.
Afterinstallation,adefaultidentityauthenticationpolicyisavailableinCiscoISEthatisusedfor
authentications.Anyupdatestotheauthenticationpolicywilloverridethedefaultsettings.
Policy Condition Evaluation
Duringpolicyconditionevaluation,CiscoISEcomparesanattributewithavalue.Itispossibletorunintoa
situationwheretheattributespecifiedinthepolicyconditionmaynothaveavalueassignedintherequest....

    Page 457

    Page 457 ◦Certificateauthenticationprofile •Identitysourcesequences—Asequenceofidentitydatabasesthatisusedforauthentication. Bydefault,theidentitysourcethatCiscoISEwilllookupforuserinformationistheinternalusersdatabase. Types of Authentication Failures—Failovers Ifyouchoosetheidentitymethodasdenyaccess,arejectmessageissentasaresponsetotherequest.Ifyou chooseanidentitydatabaseoranidentitysourcesequenceandtheauthenticationsucceeds,theprocessing... 
    ◦Certificateauthenticationprofile
•Identitysourcesequences—Asequenceofidentitydatabasesthatisusedforauthentication.
Bydefault,theidentitysourcethatCiscoISEwilllookupforuserinformationistheinternalusersdatabase.
Types of Authentication Failures—Failovers
Ifyouchoosetheidentitymethodasdenyaccess,arejectmessageissentasaresponsetotherequest.Ifyou
chooseanidentitydatabaseoranidentitysourcesequenceandtheauthenticationsucceeds,theprocessing...

    Page 458

    Page 458 •FailoverOptions—YoucandefinewhatcourseofactionCiscoISEshouldtakeiftheauthentication fails,theuserisnotfound,oriftheprocessfails. Simple Authentication Policies Asimpleauthenticationpolicyallowsyoutostaticallydefinetheallowedprotocolsandtheidentitysource oridentitysourcesequencethatCiscoISEshoulduseforcommunication.Youcannotdefineanycondition forsimplepolicies.CiscoISEassumesthatallconditionsaremetandusesthefollowingdefinitionsto determinetheresult:... 
    •FailoverOptions—YoucandefinewhatcourseofactionCiscoISEshouldtakeiftheauthentication
fails,theuserisnotfound,oriftheprocessfails.
Simple Authentication Policies
Asimpleauthenticationpolicyallowsyoutostaticallydefinetheallowedprotocolsandtheidentitysource
oridentitysourcesequencethatCiscoISEshoulduseforcommunication.Youcannotdefineanycondition
forsimplepolicies.CiscoISEassumesthatallconditionsaremetandusesthefollowingdefinitionsto
determinetheresult:...

    Page 459

    Page 459 Simple Authentication Policy Flow Figure 28: Simple Authentication Policy Flow Theresultofasimplepolicycanbeanyoneofthefollowing: •Authenticationpassed •Authenticationfailed Anauthenticationcanfailhappensduetoanyofthefollowingreasons: •Badcredentialsordisableduser. •Usernotfound. Cisco Identity Services Engine Administrator Guide, Release 1.3 413 Simple Authentication Policies 
    Simple Authentication Policy Flow
Figure 28: Simple Authentication Policy Flow
Theresultofasimplepolicycanbeanyoneofthefollowing:
•Authenticationpassed
•Authenticationfailed
Anauthenticationcanfailhappensduetoanyofthefollowingreasons:
•Badcredentialsordisableduser.
•Usernotfound.
Cisco Identity Services Engine Administrator Guide, Release 1.3    
413
Simple Authentication Policies

    Page 460

    Page 460 •Authenticationprocessfails. Guidelines for Configuring Simple Authentication Policies Followtheseguidelineswhenconfiguringsimpleauthenticationpolicies: •IfyouwishtousetheRADIUSserversequence,thenyoumustdefinethisaccessservicebeforeyou definethepolicy. •Ifyourusersaredefinedinexternalidentitysources,ensurethatyouhaveconfiguredtheseidentity sourcesinCiscoISEbeforeyoudefinethepolicy. •Ifyouwanttouseanidentitysourcesequenceforauthenticatingusers,ensurethatyouhavecreatedthe... 
    •Authenticationprocessfails.
Guidelines for Configuring Simple Authentication Policies
Followtheseguidelineswhenconfiguringsimpleauthenticationpolicies:
•IfyouwishtousetheRADIUSserversequence,thenyoumustdefinethisaccessservicebeforeyou
definethepolicy.
•Ifyourusersaredefinedinexternalidentitysources,ensurethatyouhaveconfiguredtheseidentity
sourcesinCiscoISEbeforeyoudefinethepolicy.
•Ifyouwanttouseanidentitysourcesequenceforauthenticatingusers,ensurethatyouhavecreatedthe...
    Start reading Cisco Ise 13 User Guide

    Related Manuals for Cisco Ise 13 User Guide

    All Cisco manuals