0% found this document useful (0 votes)

1K views26 pages

Cisco ISE Architecture

Uploaded by

ridwan faris

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

1K views26 pages

Cisco ISE Architecture

Uploaded by

ridwan faris

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 26

Cisco ISE Architecture

July 2022

Div. Service Delivery Activation

Dept. ICT Infrastructure –
Del & Ops-Div. ICT Delivery & Ops

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

About me

Achmad Faesal
Computer Degree – Budi Luhur University (2008 – 2014)
[email protected] / [email protected]
+62 858 1136 9575
www.linkedin.com/in/acfaesal/

Experience
▪ 4 Years in Telco Network
▪ 3+ Years in Enterprises Network (Network & Security)
▪ 2 Years in Oil and Gas Company Network (Onshore & Offshore)

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Agenda
• Overview
• ISE Personas & Appliances
• ISE Deployment
• Network Devices Administration
• Identity Sources
• Study Case

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Agenda
• Overview
• ISE Personas & Appliances
• ISE Deployment
• Network Devices Administration
• Identity Sources
• Study Case

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Overview of Cisco ISE

Cisco ISE
• Network Access Control
• Policy Enforcement Platform

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Agenda
• Overview
• ISE Personas & Appliances
• ISE Deployment
• Network Devices Administration
• Identity Sources
• Study Case

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

ISE Personas & Appliances

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

ISE Personas & Appliances (cont.)

ISE Appliances Option

Appliance Virtual Machines

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Agenda
• Overview
• ISE Personas & Appliances
• ISE Deployment
• Network Devices Administration
• Identity Sources
• Study Case

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

ISE Multi-Node Deployment

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

ISE Multi-Node Deployment (cont.)

• Applies to both physical and virtual deployment

• Compatible with load balancers

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

ISE Multi-Node Deployment (cont.)

Standalone / Small Deployment

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

ISE Multi-Node Deployment (cont.)

Medium Deployment

DC DRC

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

ISE Multi-Node Deployment (cont.)

Large Deployment

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Agenda
• Overview
• ISE Personas & Appliances
• ISE Deployment
• Network Devices Administration
• Identity Sources
• Study Case

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Network Devices Administration

Different Access Based on Role

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Network Devices Administration (cont.)

Authorization Options (Privileges and Permissions)

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Network Devices Administration (cont.)

Device Administration policy best practice

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Agenda
• Overview
• ISE Personas & Appliances
• ISE Deployment
• Network Devices Administration
• Identity Sources
• Study Case

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Identity Sources

Internal Identity Source

▪ ISE Internal Identity

External Identity Source

▪ Active Directory
▪ LDAP Servers
▪ SQL Server
▪ Postgre SQL

Agenda
• Overview
• ISE Personas & Appliances
• ISE Deployment
• Network Devices Administration
• Identity Sources
• Study Case

Study Case - Wired

Wired Access

Wired Connection Using 802.1X

▪ Finance are connected to
Switch A using VLAN 30

▪ HR are connected to Switch B

using VLAN 40

Study Case - Wireless

Wireless on Enterprise Network

Wireless Connection
▪ Employee Using 802.1X
▪ Internal & Internet

▪ Guest Using Mac

Authentication Bypass (MAB)
Authentication
Internet Traffic ▪ Internet Only

Study Case – Wireless (cont.)

Guest Point of View

*Actual user experience may vary depending on ISE Portal setting

VPN Access

VPN Access Policy

▪ Employee users have unlimited
access to all internal servers

▪ External users have limited access

to particular servers

User Groups Authentication Server A Server B

Employee VPN – Passed Permit Permit
External VPN – Passed Deny Permit

Thank you

Implementing and Configuring Cisco Identity Services Engine (SISE) v3.0
No ratings yet
Implementing and Configuring Cisco Identity Services Engine (SISE) v3.0
4 pages
Exam Questions 350-701: Implementing and Operating Cisco Security Core Technologies
No ratings yet
Exam Questions 350-701: Implementing and Operating Cisco Security Core Technologies
7 pages
Cisco Ise Training
No ratings yet
Cisco Ise Training
2 pages
Cisco Identity Services Engine (ISE) v3.1: Common Criteria Operational User Guidance and Preparative Procedures
No ratings yet
Cisco Identity Services Engine (ISE) v3.1: Common Criteria Operational User Guidance and Preparative Procedures
148 pages
Introduction To Security Slidedeck
No ratings yet
Introduction To Security Slidedeck
12 pages
CCIE Routing & Switching V4 Guide
No ratings yet
CCIE Routing & Switching V4 Guide
16 pages
SGOS 72 Admin Guide PDF
No ratings yet
SGOS 72 Admin Guide PDF
1,552 pages
Better Practices For Guest Networks On Cisco Catalyst Wireless - BRKEWN-2284
No ratings yet
Better Practices For Guest Networks On Cisco Catalyst Wireless - BRKEWN-2284
106 pages
IOS XE 16.9 - Programmability - CG
No ratings yet
IOS XE 16.9 - Programmability - CG
204 pages
Network Configuration Overview
No ratings yet
Network Configuration Overview
1 page
Cisco SISE Certification Overview
No ratings yet
Cisco SISE Certification Overview
55 pages
Fortinet NSE
No ratings yet
Fortinet NSE
16 pages
ZTNA HOL Guide 7.2.5 v1.0.0
No ratings yet
ZTNA HOL Guide 7.2.5 v1.0.0
138 pages
07 - Cisco Secure Network Access Solutions (Cisco ISE)
No ratings yet
07 - Cisco Secure Network Access Solutions (Cisco ISE)
90 pages
02-Cisco ISE Use Cases
No ratings yet
02-Cisco ISE Use Cases
36 pages
Cisco ISE NAC Training Guide
No ratings yet
Cisco ISE NAC Training Guide
85 pages
Asa 2100 Fxos Config
No ratings yet
Asa 2100 Fxos Config
108 pages
Automating ACI With Ansible
No ratings yet
Automating ACI With Ansible
59 pages
CCNP Security 300-725 SWSA Dumps
No ratings yet
CCNP Security 300-725 SWSA Dumps
11 pages
Cisco DNA Subscription Software For SD-WAN and Routing FAQ Nb-06-Dna-Sw-Rout-Sub-Faq-Ctp-En
No ratings yet
Cisco DNA Subscription Software For SD-WAN and Routing FAQ Nb-06-Dna-Sw-Rout-Sub-Faq-Ctp-En
13 pages
Identity Services Engine Implementation Subscription Service
No ratings yet
Identity Services Engine Implementation Subscription Service
6 pages
New - CCIE Security Table of Contents
No ratings yet
New - CCIE Security Table of Contents
26 pages
PDF CCNP SWITCH Lab Manual (2nd Edition) (Lab Companion) Free Download and Read Online
No ratings yet
PDF CCNP SWITCH Lab Manual (2nd Edition) (Lab Companion) Free Download and Read Online
6 pages
ASA Firepower NGFW Typical Deployment Scenarios
No ratings yet
ASA Firepower NGFW Typical Deployment Scenarios
114 pages
UCOPIA White Paper PDF
100% (1)
UCOPIA White Paper PDF
85 pages
Cisco Prime Collaboration Deployment
No ratings yet
Cisco Prime Collaboration Deployment
39 pages
BRKSEC-2691 IBNS 2.0 - New-Style 802.1X and More
No ratings yet
BRKSEC-2691 IBNS 2.0 - New-Style 802.1X and More
68 pages
Trend Micro TippingPoint NX-Platform Best Practices Guide
No ratings yet
Trend Micro TippingPoint NX-Platform Best Practices Guide
55 pages
NFV Solutions for Telecom Providers
No ratings yet
NFV Solutions for Telecom Providers
17 pages
Latest 300-710 Cisco Dumps Download
No ratings yet
Latest 300-710 Cisco Dumps Download
5 pages
EAP Protocol
No ratings yet
EAP Protocol
7 pages
Fortigate Traffic Shaping 40 mr2 PDF
No ratings yet
Fortigate Traffic Shaping 40 mr2 PDF
56 pages
Websense ESGA v76 201 Student Guide
No ratings yet
Websense ESGA v76 201 Student Guide
202 pages
How-To 103 Implement Cisco ISE Server Side Certificates
100% (1)
How-To 103 Implement Cisco ISE Server Side Certificates
29 pages
Checkpoint R65 QoS Admin Guide
No ratings yet
Checkpoint R65 QoS Admin Guide
220 pages
Ethernet Services for Network Engineers
No ratings yet
Ethernet Services for Network Engineers
15 pages
Configuring Cisco Modular Policy Framework
No ratings yet
Configuring Cisco Modular Policy Framework
10 pages
Sdwan CR Book
No ratings yet
Sdwan CR Book
1,432 pages
Lab 7: 802.1X: Wireless Networks
No ratings yet
Lab 7: 802.1X: Wireless Networks
13 pages
Cisco Dna Center User Guild 2 3 3
No ratings yet
Cisco Dna Center User Guild 2 3 3
712 pages
Captive Portal Configuration Guide: White Paper
No ratings yet
Captive Portal Configuration Guide: White Paper
18 pages
Trend Micro TippingPoint Security Management System (SMS) High Availability Troubleshooting and Best Practices
No ratings yet
Trend Micro TippingPoint Security Management System (SMS) High Availability Troubleshooting and Best Practices
14 pages
Policies Book Xe Sdwan
No ratings yet
Policies Book Xe Sdwan
230 pages
Lab 1: ISE Familiarization and Certificate Usage
No ratings yet
Lab 1: ISE Familiarization and Certificate Usage
15 pages
High Availability Troubleshooting Guide
No ratings yet
High Availability Troubleshooting Guide
41 pages
Cisco FireSight NRFU
No ratings yet
Cisco FireSight NRFU
16 pages
Posture Cisco ISE
No ratings yet
Posture Cisco ISE
146 pages
Cisco Sdwan Design Guide
No ratings yet
Cisco Sdwan Design Guide
102 pages
Cisco ASA & Firepower Firewall Overview
No ratings yet
Cisco ASA & Firepower Firewall Overview
597 pages
Check Point Certified Security Admin Exam Guide
No ratings yet
Check Point Certified Security Admin Exam Guide
142 pages
Cisco ACI With F5 ServiceCenter Lab v3
No ratings yet
Cisco ACI With F5 ServiceCenter Lab v3
92 pages
Sophos-Firewall-Brochure
No ratings yet
Sophos-Firewall-Brochure
39 pages
Building Data Centers With VXLAN BGP EVPN A Cisco NX-OS Perspective - 401-End
No ratings yet
Building Data Centers With VXLAN BGP EVPN A Cisco NX-OS Perspective - 401-End
77 pages
FTD TF PDF
No ratings yet
FTD TF PDF
161 pages
ClearPass Profiling
No ratings yet
ClearPass Profiling
24 pages
Software Upgrade Procedure September 23, 2020
No ratings yet
Software Upgrade Procedure September 23, 2020
23 pages
ISE High Level Design (HLD) - Cisco Community
100% (1)
ISE High Level Design (HLD) - Cisco Community
20 pages
Data - Sheet - Cisco Identity Services Engine (ISE) PDF
No ratings yet
Data - Sheet - Cisco Identity Services Engine (ISE) PDF
6 pages
ABC Bank Staff Training Guide
No ratings yet
ABC Bank Staff Training Guide
13 pages
1048 Duplex Color Image Reader Unit-C1 PC Rev0 052510
No ratings yet
1048 Duplex Color Image Reader Unit-C1 PC Rev0 052510
78 pages
NEP Note
No ratings yet
NEP Note
6 pages
Postal Services Ready Reckoner 2021
No ratings yet
Postal Services Ready Reckoner 2021
162 pages
Exam Grade 9 3rd
No ratings yet
Exam Grade 9 3rd
3 pages
BSIM 4020 Syllabus
No ratings yet
BSIM 4020 Syllabus
7 pages
Syllabus For BCom SEC
No ratings yet
Syllabus For BCom SEC
12 pages
Practical 02
No ratings yet
Practical 02
4 pages
ISL-G - Fuel Systems - Level Two - SourceFile - 092614 PDF
100% (1)
ISL-G - Fuel Systems - Level Two - SourceFile - 092614 PDF
81 pages
Tall Walls-E PDF
100% (1)
Tall Walls-E PDF
66 pages
LeelineSourcing Ultimate Guide For Importing From China Guide
No ratings yet
LeelineSourcing Ultimate Guide For Importing From China Guide
34 pages
Exercise (8) - Effective Index Method Exercise
No ratings yet
Exercise (8) - Effective Index Method Exercise
2 pages
IELTS Joint Funded Research Program Application Form
No ratings yet
IELTS Joint Funded Research Program Application Form
4 pages
Cambridge IGCSE: October/November 2021 Hour 45 Minutes 1
No ratings yet
Cambridge IGCSE: October/November 2021 Hour 45 Minutes 1
3 pages
Industrial Safety Engineering Course
No ratings yet
Industrial Safety Engineering Course
10 pages
CASA Group Knowledge Question Data
No ratings yet
CASA Group Knowledge Question Data
15 pages
How To Trade Complex Consolidations - The Blog of Adam H Grimes
No ratings yet
How To Trade Complex Consolidations - The Blog of Adam H Grimes
5 pages
Class Meeting 14 Confirming An Order Letter
No ratings yet
Class Meeting 14 Confirming An Order Letter
9 pages
Domino Server Installation On Linux
No ratings yet
Domino Server Installation On Linux
8 pages
ScintCare CT 16 Service Manual Rev.D en
No ratings yet
ScintCare CT 16 Service Manual Rev.D en
214 pages
2019 Printable Occ Fyb Map
No ratings yet
2019 Printable Occ Fyb Map
1 page
ATA'2025 Updated
No ratings yet
ATA'2025 Updated
10 pages
Bank of America: Financial Intermediary Role
No ratings yet
Bank of America: Financial Intermediary Role
32 pages
Kinetico Brochue Lagos 2019
No ratings yet
Kinetico Brochue Lagos 2019
68 pages
Triaxial Test Swelling Rock
No ratings yet
Triaxial Test Swelling Rock
4 pages
Cool Mist Humidifier
No ratings yet
Cool Mist Humidifier
4 pages
Joinder Hypo
No ratings yet
Joinder Hypo
2 pages
I-130 Document Checklist for Spouses
No ratings yet
I-130 Document Checklist for Spouses
2 pages
10 Step System To Building A Cashcow Brand (Update Nov 23)
No ratings yet
10 Step System To Building A Cashcow Brand (Update Nov 23)
37 pages
Loctite Hydx-20-En
No ratings yet
Loctite Hydx-20-En
3 pages

Cisco ISE Architecture

Uploaded by

Cisco ISE Architecture

Uploaded by

Cisco ISE Architecture

Div. Service Delivery Activation

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

ISE Appliances Option

Appliance Virtual Machines

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

• Applies to both physical and virtual deployment

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Standalone / Small Deployment

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Different Access Based on Role

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Authorization Options (Privileges and Permissions)

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Device Administration policy best practice

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Internal Identity Source

External Identity Source

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Wired Connection Using 802.1X

▪ HR are connected to Switch B

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Wireless on Enterprise Network

▪ Guest Using Mac

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

Guest Point of View

*Actual user experience may vary depending on ISE Portal setting

VPN Access Policy

▪ External users have limited access

User Groups Authentication Server A Server B

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id

You might also like