Hello team.... Actually I was looking for ISE series sessions from longtime but unable to find right one's, finally found this great series. Not sure whose efforts making of those slides but those have lot of connectivity from session to session and slide to slide. We really appreciate CISCO team and loved the way of teaching skills from Tomas. Thank you so much TEAM for your great efforts 🙏🙏🙏😎 Please continue to provide series of sessions further on ISE advance topics if possible.
Hello! I had a question about a case in particular It's a bit far-fetched, but in short, does this device allow scanning for VPN connections? For example: I have an ASA connected to a Radius server for 2nd factor and an Active Directory for user credentials, the ASA does a DHCP pool for VPN connections, but I can't scan users such as what type of operating system, version or software they have installed, information about the host in general. And in another case, is it possible to make rules or policies to not allow a connection of a host if doesn´t have the latest patches or patches of a specific date/time installed in the device? I hope not to disturb you with these doubts, I have in my plans to acquire an ISE but I would like to be more sure if it is what I am really looking for. By the way, thank tou very much for this content, im pretty interested in ISE and the capabilities. Greetings from Santiago of Chile.
Vicente, for your first questions about "scanning the host through VPN" I recommend you to watch a session about Profiling. Through probes ISE can get detailed information of the endpoint and classify them. And actually it connects perfectly with your second question about "checking patches of the endpoint trying to connect". Remember that ISE is a conextual AAA server, so with ISE and all of its uses cases you can know the "Who, What, where, how, when" and for your question the compliant status of the endpoint. So Watch a Posture session so you see how all these is achieved through ISE. Posture will allow you to check things like if a patch is installed or if an antivirus is up to date, and then grant a compliant status to give access or deny access if it is not compliant (Giving you the option to remediate)
