Integration with CISCO_ISE_APM

Question

Hi Team,&nbsp;
We utilized F5_APM for SSL_VPN, which is integrated with CISCO_ISE.&nbsp;
Query 1. &nbsp;
1.1 User-Database is managed by ISE, whether its Local or AD and its passed to F5 using Class Attributes, but F5 is failing to fetch any Dynamic ACL's created jn ISE, is there any suggestion , basically we wanted to put some Access-List based restrictions ?&nbsp;
1.2 Whenever we enable Password Change option at next Login' in Cisco ISE, F5 don't understand this and the authentication fail ?&nbsp;
If point 1 is not possible, as an alternative we created Access-List in F5_APM under Access Module,but is there no option to call any Group(where we can combine the destinations ?)

For example by using Data-Groups and somehow reference that in APM SSL-VPN Policy/Profile/VIP?&nbsp;

Regards
PZ&nbsp;

boneyard · Answer

1.1 - this looks to be possible, see: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-implementations-11-5-0/2.html&nbsp;
1.2 - the product* before APM didn't support this, can't find anything about APM. i would raise this with your local sales team or F5 support to double check.&nbsp;
*) https://support.f5.com/csp/article/K8525&nbsp;

Forum Discussion

Integration with CISCO_ISE_APM

Recent Discussions

Http / https health monitor issue

F5-SDK Get GTM Pool Server, Virtual Server, Unused Objects, and JSON Conversion for Data Processing

F5 DNS Generic Host

How do I create a traffic log for two different route domains?

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Making Mobile SDK Integration Ridiculously Easy with F5 XC Mobile SDK Integrator

Access Troubleshooting: BIG-IP APM OIDC integration

Integrating the F5 BIGIP with Azure Sentinel

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

Integrating with your IPv6 Kubernetes Cluster

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS