Jordan Taylor

Cisco ISE filtering devices

Working on a project, need to restrict access to a network. End users that are domain joined, as well as mobile users, can access the network, i.e. "users that have the Cisco AnyConnect app" using AD credentials.

What would be best practice for restricting access for the mobile users?

These are some methods I have come across.

MDM Server - This would not work in this case, due to the fact that most of the devices are not owned by the company.
CA Certs
GPO
Profiling in ISE - Not sure if this works how I am thinking it would.

Any input would be greatly appreciated.

8/22/2022 - Mon
Pete Long

ISE is an expensive prospect? If it's restricting access for mobile users only, then simply securing AnyConnect with certs is the way to go; this means you need to manually issue certs to non-company-owned devices though?

With ISE you can create an enrolment portal for certificates, for non domain joined devices.

Pete
Jordan Taylor

ASKER
Thanks, Pete,

Okay, currently users are accessing the network through Cisco AnyConnect. I would like to restrict that in some way or form.

So since Cisco ISE is already in place this would probably be the best case solution at this point. I found the following documentation for Cert templates within Cisco ISE. https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200534-ISE-2-0-Certificate-Provisioning-Portal.html

Is this what you were referring to? And from there I can push out certs for PC and Mobile devices as well.
ASKER CERTIFIED SOLUTION
Pete Long

Jordan Taylor

ASKER
Thanks for your assistance!