Home > Cisco > Interface > Cisco Ise 13 User Guide

Cisco Ise 13 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Ise 13 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 761

    Page 761 Posture Reassessment Configuration Settings ThefollowingtabledescribesthefieldsinthePostureReassessmentConfigurationsPage,whichyoucanuse toconfigureposturereassessment.Thenavigationpathforthispageis:Administration>System>Settings >Posture>Reassessments. Table 71: Posture Reassessment Configuration Settings Usage GuidelinesFields EnterthenameofPRAconfiguration.ConfigurationName EnteradescriptionforPRAconfiguration.ConfigurationDescription CheckthecheckboxtoapplythePRAconfigurationsfortheuseridentity... 
    Posture Reassessment Configuration Settings
ThefollowingtabledescribesthefieldsinthePostureReassessmentConfigurationsPage,whichyoucanuse
toconfigureposturereassessment.Thenavigationpathforthispageis:Administration>System>Settings
>Posture>Reassessments.
Table 71: Posture Reassessment Configuration Settings
Usage GuidelinesFields
EnterthenameofPRAconfiguration.ConfigurationName
EnteradescriptionforPRAconfiguration.ConfigurationDescription
CheckthecheckboxtoapplythePRAconfigurationsfortheuseridentity...

    Page 762

    Page 762 Usage GuidelinesFields Enteratimeintervalinminutestoallowtheclienttocompleteremediation. Thegracetimecannotbezero,andshouldbegreaterthanthePRAinterval. Itcanrangebetweenthedefaultminimuminterval(5minutes)andthe minimumPRAinterval. Theminimumvalueis5minutesandthemaximumvalueis60minutes. Thegracetimeisenabledonlywhentheenforcementtypeissetto remediateactionaftertheclientfailstheposturereassessment. Note Gracetime ChooseauniquegrouporauniquecombinationofgroupsforyourPRA configuration.... 
    Usage GuidelinesFields
Enteratimeintervalinminutestoallowtheclienttocompleteremediation.
Thegracetimecannotbezero,andshouldbegreaterthanthePRAinterval.
Itcanrangebetweenthedefaultminimuminterval(5minutes)andthe
minimumPRAinterval.
Theminimumvalueis5minutesandthemaximumvalueis60minutes.
Thegracetimeisenabledonlywhentheenforcementtypeissetto
remediateactionaftertheclientfailstheposturereassessment.
Note
Gracetime
ChooseauniquegrouporauniquecombinationofgroupsforyourPRA
configuration....

    Page 763

    Page 763 Usage GuidelinesFields Whenselected,youmustbrowsetothelocationanduploadafileina zippedformatintheAUPFile,whichcontainstheindex.htmlatthetop level. The.zipfilecanincludeotherfilesandsubdirectoriesinadditiontothe index.htmlfile.ThesefilescanreferenceeachotherusingHTMLtags. UsefileforAUPmessageradio button EntertheURLtotheAUP,whichclientsmustaccessuponsuccessful authenticationandpostureassessment. AUPURL IntheAUPFile,browsetothefileanduploadittotheCiscoISEserver.... 
    Usage GuidelinesFields
Whenselected,youmustbrowsetothelocationanduploadafileina
zippedformatintheAUPFile,whichcontainstheindex.htmlatthetop
level.
The.zipfilecanincludeotherfilesandsubdirectoriesinadditiontothe
index.htmlfile.ThesefilescanreferenceeachotherusingHTMLtags.
UsefileforAUPmessageradio
button
EntertheURLtotheAUP,whichclientsmustaccessuponsuccessful
authenticationandpostureassessment.
AUPURL
IntheAUPFile,browsetothefileanduploadittotheCiscoISEserver....

    Page 764

    Page 764 EAP-FAST Settings ThefollowingtabledescribesthefieldsontheProtocolSettingspage,whichyoucanusetoconfigurethe EAP-FAST,EAP-TLS,andPEAPprotocols.Thenavigationpathforthispageis:Administration>System >Settings>Protocols>EAP-FAST>EAPFASTSettings. Table 73: Configuring EAP-FAST Settings Usage GuidelinesFields Enterauser-friendlystringthatdescribestheCiscoISEnodethatsends credentialstoaclient.TheclientcandiscoverthisstringintheProtected AccessCredentials(PAC)informationfortype,length,andvalue(TLV).... 
    EAP-FAST Settings
ThefollowingtabledescribesthefieldsontheProtocolSettingspage,whichyoucanusetoconfigurethe
EAP-FAST,EAP-TLS,andPEAPprotocols.Thenavigationpathforthispageis:Administration>System
>Settings>Protocols>EAP-FAST>EAPFASTSettings.
Table 73: Configuring EAP-FAST Settings
Usage GuidelinesFields
Enterauser-friendlystringthatdescribestheCiscoISEnodethatsends
credentialstoaclient.TheclientcandiscoverthisstringintheProtected
AccessCredentials(PAC)informationfortype,length,andvalue(TLV)....

    Page 765

    Page 765 Usage GuidelinesFields ClickthisradiobuttontogenerateaTrustsecPAC.TrustsecPAC (FortheTunnelandMachinePACidentityfield)Specifiestheusernameormachine namethatispresentedasthe“innerusername”bytheEAP-FASTprotocol.Iftheidentity stringdoesnotmatchthatusername,authenticationfails.Thisisthehostnameasdefined ontheAdaptiveSecurityAppliance(ASA).TheidentitystringmustmatchtheASA hostnameotherwise,ASAcannotimportthePACfilethatisgenerated.Ifyouare generatingaTrustsecPAC,theIdentityfieldspecifiestheDeviceIDofaTrustsec... 
    Usage GuidelinesFields
ClickthisradiobuttontogenerateaTrustsecPAC.TrustsecPAC
(FortheTunnelandMachinePACidentityfield)Specifiestheusernameormachine
namethatispresentedasthe“innerusername”bytheEAP-FASTprotocol.Iftheidentity
stringdoesnotmatchthatusername,authenticationfails.Thisisthehostnameasdefined
ontheAdaptiveSecurityAppliance(ASA).TheidentitystringmustmatchtheASA
hostnameotherwise,ASAcannotimportthePACfilethatisgenerated.Ifyouare
generatingaTrustsecPAC,theIdentityfieldspecifiestheDeviceIDofaTrustsec...

    Page 766

    Page 766 Related Topics ProtocolSettingsforAuthentication,onpage419 ConfigureEAP-TLSSettings,onpage420 PEAP Settings ThefollowingtabledescribesthefieldsonthePEAPSettingspage,whichyoucanusetoconfigurethePEAP protocolsettings.Thenavigationpathforthispageis:Administration>System>Settings>Protocols> PEAP. Table 76: PEAP Settings Usage GuidelinesFields CheckthischeckboxfortheCiscoISEtocachetheTLSsessionthatiscreatedduring phaseoneofPEAPauthentication,providedtheusersuccessfullyauthenticatesinphase... 
    Related Topics
ProtocolSettingsforAuthentication,onpage419
ConfigureEAP-TLSSettings,onpage420
PEAP Settings
ThefollowingtabledescribesthefieldsonthePEAPSettingspage,whichyoucanusetoconfigurethePEAP
protocolsettings.Thenavigationpathforthispageis:Administration>System>Settings>Protocols>
PEAP.
Table 76: PEAP Settings
Usage GuidelinesFields
CheckthischeckboxfortheCiscoISEtocachetheTLSsessionthatiscreatedduring
phaseoneofPEAPauthentication,providedtheusersuccessfullyauthenticatesinphase...

    Page 767

    Page 767 CiscoISEallowsyoutoenablestrongsuppressionbyenablingtheRejectRequestsAfterDetectionoption. IfyouchecktheRejectRequestsAfterDetectioncheckbox,andanendpointauthenticationfailsfivetimes withthesamefailurereason,CiscoISEactivatesstrongsuppression.Allsubsequentauthentications,whether successfulornot,aresuppressed,andauthenticationdoesnotoccur.This“strong”suppressionisclearedafter theconfiguredRequestRejectionIntervalelapsesoraftersixhoursofauthenticationinactivityfromthe endpoint. Table 77: RADIUS Settings... 
    CiscoISEallowsyoutoenablestrongsuppressionbyenablingtheRejectRequestsAfterDetectionoption.
IfyouchecktheRejectRequestsAfterDetectioncheckbox,andanendpointauthenticationfailsfivetimes
withthesamefailurereason,CiscoISEactivatesstrongsuppression.Allsubsequentauthentications,whether
successfulornot,aresuppressed,andauthenticationdoesnotoccur.This“strong”suppressionisclearedafter
theconfiguredRequestRejectionIntervalelapsesoraftersixhoursofauthenticationinactivityfromthe
endpoint.
Table 77: RADIUS Settings...

    Page 768

    Page 768 TrustSec Settings YoumustdefinetheglobalTrustSecsettingsforCiscoISEtofunctionasaTrustSecserverandprovide TrustSecservices.ThefollowingtabledescribesthefieldsintheTrustSecSettingswindow(Administration >System>Settings>TrustSecSettings). Table 78: Configuring TrustSec Settings Usage GuidelinesFields SpecifytheexpirytimeforthePAC.ThetunnelPACgeneratesatunnelforthe EAP-FASTprotocol.Youcanspecifythetimeinseconds,minutes,hours,days, orweeks.Thedefaultvalueis90days.Thefollowingarethevalidranges:... 
    TrustSec Settings
YoumustdefinetheglobalTrustSecsettingsforCiscoISEtofunctionasaTrustSecserverandprovide
TrustSecservices.ThefollowingtabledescribesthefieldsintheTrustSecSettingswindow(Administration
>System>Settings>TrustSecSettings).
Table 78: Configuring TrustSec Settings
Usage GuidelinesFields
SpecifytheexpirytimeforthePAC.ThetunnelPACgeneratesatunnelforthe
EAP-FASTprotocol.Youcanspecifythetimeinseconds,minutes,hours,days,
orweeks.Thedefaultvalueis90days.Thefollowingarethevalidranges:...

    Page 769

    Page 769 Usage GuidelinesField (Optional) Entertheaccountaddress,whichisusedastheFROM address(typicallytheaccountaddress)fortheemail andoverridestheDefaultEmailAddressglobal settinginGuestAccess>Settings. Provideraccountaddress (Optional) EntertheSMTPAPIDestinationAddress,ifyouare usinganSMTPSMSAPIthatrequiresaspecific accountrecipientaddress,suchasClickatellSMTP API. ThisisusedastheTOaddressfortheemailandthe guestaccount'smobilenumberissubstitutedintothe message'sbodytemplate. SMTPAPIdestinationaddress... 
    Usage GuidelinesField
(Optional)
Entertheaccountaddress,whichisusedastheFROM
address(typicallytheaccountaddress)fortheemail
andoverridestheDefaultEmailAddressglobal
settinginGuestAccess>Settings.
Provideraccountaddress
(Optional)
EntertheSMTPAPIDestinationAddress,ifyouare
usinganSMTPSMSAPIthatrequiresaspecific
accountrecipientaddress,suchasClickatellSMTP
API.
ThisisusedastheTOaddressfortheemailandthe
guestaccount'smobilenumberissubstitutedintothe
message'sbodytemplate.
SMTPAPIdestinationaddress...

    Page 770

    Page 770 Usage GuidelinesField EntertheData(Urlencodedportion)fortheGETor POSTrequest. ThisfieldisURLencoded.IfusingthedefaultGET method,thedataisappendedtotheURLspecified above. Data(Urlencodedportion) IfusingthePOSTmethod,checkthisoption. Thedataspecifiedaboveisusedasthecontentofthe POSTrequest. UseHTTPPOSTmethodfordataportion IfusingthePOSTmethod,specifythecontenttype suchas"plain/text"or"application/xml". HTTPPOSTdatacontenttype Enterthisinformation.HTTPSUsername HTTPSPassword HTTPSHostname... 
    Usage GuidelinesField
EntertheData(Urlencodedportion)fortheGETor
POSTrequest.
ThisfieldisURLencoded.IfusingthedefaultGET
method,thedataisappendedtotheURLspecified
above.
Data(Urlencodedportion)
IfusingthePOSTmethod,checkthisoption.
Thedataspecifiedaboveisusedasthecontentofthe
POSTrequest.
UseHTTPPOSTmethodfordataportion
IfusingthePOSTmethod,specifythecontenttype
suchas"plain/text"or"application/xml".
HTTPPOSTdatacontenttype
Enterthisinformation.HTTPSUsername
HTTPSPassword
HTTPSHostname...
    Start reading Cisco Ise 13 User Guide

    Related Manuals for Cisco Ise 13 User Guide

    All Cisco manuals