Thanks for the insight, Tyson. Slight correction: there is an ISE physical appliance that supports inline posture mode (the VM/ESX version works as you described, and is not inline). Possibly the VM version is too slow/not designed to support inline work.
It's interesting that Cisco has embraced VM/ESX versions of software - ACS 5.x too. With luck that enables crippled student/study versions in the future. Any CCIE Security refresh with NAC appliance, ACS 5.x, ISE, IOS 15 will cost a fortune to set up (not that CCIE Sec v3 is cheap by any means...).

Regards
Richard

On Sat, Jun 25, 2011 at 2:27 PM, Tyson Scott <[email protected]> wrote:

> ISE is actually in my opinion more like ACS 5.X without TACACS+ but with
> additional new features. TrustSec (the term used for ISE architecture) is
> actually more like NAC Framework in my opinion, as the NAD is used as the
> enforcement point much like NAC Framework. You will never see an ISE
> appliance running in inline mode; it is always a RADIUS authorization point
> pushing policies to the NAD. So in this regard it is actually somewhat of an
> advantage that you get pounded with NAC Framework in the IPexpert workbooks,
> because you will have a good start with understanding the implementation of
> TrustSec.
>
> Now obviously there are a lot more features, and the integration with the
> AnyConnect client is much better than NAC Framework, but it is not something
> that should be implemented without a good game plan.
>
> There are many things that can be used, like profiling of devices on the
> network, to better roll it out and not affect devices that do not support
> supplicants.
>
> In my opinion it is finally a product that is ready for prime time, unlike
> its predecessors that were really never fully baked. I think there still
> needs to be a little more work in helping with a successful rollout, but
> it is better than it has ever been before.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Managing Partner / Sr. Instructor - IPexpert, Inc.
> Mailto: [email protected]
> Telephone: +1.810.326.1444, ext. 208
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
> CCIE (R&S, Voice, Security & Service Provider) certification(s) with
> training locations throughout the United States, Europe, South Asia and
> Australia. Be sure to visit our online communities at
> www.ipexpert.com/communities and our public website at www.ipexpert.com
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Richard Chan
> Sent: Thursday, June 23, 2011 9:20 PM
> To: CCIE Security Maillist
> Subject: [OSL | CCIE_Security] [OT] Has any one tried Cisco ISE 1.0?
>
> Has anyone tried Cisco ISE 1.0 in testing or production?
>
> Any comments on its usefulness?
>
> It seems to be a hybrid between the Secure ACS 5.x series and NAC
> Appliance.
> Do you get the best of both worlds or are there situations where you would
> still prefer the specialized products (NAC Appliance, ACS 5.2)?
> For the agent-side, ISE seems to be reusing the Cisco NAC Agent so all
> current Windows platforms are covered (cf. NAC Framework -
> CTA was only updated to Windows XP and just EoL'ed).
>
> Regards
> Richard
