F5, Cisco ISE and EAP-TLS
Hi, We are in the process of migrating our ISE infrastructure(AAA servers) from cisco ACE to F5. We followed Craig Hyps document for the configuring F5 LB. https://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-95-Cisco_and_F5_Deployment_Guide-ISE_Load_Balancing_Using_BIG-IP.pdf All looks ok except EAP-TLS authentication. (PEAP user/computer works fine) In the document there is nothing special mentioned that needs to be done for TLS. I think it may be related to fragmentation but not sure. I can also add here that if we point the NAD's to the PSN directly it works. The problem is only when we use the VIP. (PEAP work with the VIP also) Do you know if something special needs to be done on the F5 for EAP-TLS to work. Any information or hint is appreciated. Thanks, Laszlo
Big IP APM EAP-TLS integration
Dear all, I am looking for a way to implement the APM with two factor authentication for different remote clients(Windows, Iphone, Symbian etc). Now I am thinking about deploying a Microsoft Network Policy Server (NPS) for RADIUS authentication and a Certificate Authority(CA) for certificate distribution, because we would like to use EAP-TLS as the authentication protocol. This protocol is more secure than PEAP for example. Anyone experience with this setup? Can anyone share some information or links with information I can use in the designing process? Any help will be appreciated. Thanks, Marvin