CSCvm68975 - ASA 9.8(2)38 ASA will not allow users to log in when ISE uses a DACL with more than 20 entries
I hope someone can help me here, because I have not had any success with the TAC so far.
We are using DACLs for special VPN users, and some of the DACLs have more than 1000 lines. All DACLs which have fewer than 60 rows are working.
We have been investigating to see if ISE is passing the DACL to the ASA. The expected behavior is that when ISE returns the result that includes the DACL, the ASA will send an Access Request with the DACL name and then ISE will send the DACL in an Access Accept. We saw from the packet capture that the length of the DACL (1120 lines) seems to be causing some trouble. Since ISE cannot send all of the DACL in one packet, it sends the first 65 lines in an Access Challenge (instead of an Access Accept) and we do not get another response from the ASA. So, ISE only sends the first part and never sends the full DACL.
Upon further troubleshooting, we were able to take a capture on ACS, and we see the expected back and forth between ACS and the ASA.
Does anyone know which ASA version is working for this? We are using ISE 2.3 with patches 1,2,3,4,5 and ASA5525 with version 9.6(4)20 at the moment.
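A way to check a capture for the stall described in the post above, as an added example that is not part of the original post and not Cisco code: it parses RADIUS packets in order, counts the dACL lines delivered, and reports whether an Access-Challenge was ever followed by an Access-Request returning the same State attribute. It assumes dACL entries arrive as Cisco AV pairs of the form `ip:inacl#N=<ace>`; the packets, dACL name and State value are constructed sample data.

```python
import struct

REQUEST, ACCEPT, CHALLENGE = 1, 2, 11        # RADIUS codes (RFC 2865)
STATE, VSA, CISCO = 24, 26, b"\x00\x00\x00\x09"

def build(code, ident, attrs):               # sample-data helper, zeroed authenticator
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

def avpair(text):                            # Cisco AV pair: vendor 9, vendor-type 1
    return (VSA, CISCO + bytes([1, len(text) + 2]) + text.encode())

def parse_radius(pkt):
    """Return (code, [(attr_type, value), ...]) for one RADIUS packet."""
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("bad RADIUS length")
    attrs, off = [], 20                      # skip 16-byte authenticator
    while off + 2 <= length:
        atype, alen = pkt[off], pkt[off + 1]
        if alen < 2 or off + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, pkt[off + 2:off + alen]))
        off += alen
    return code, attrs

def acl_lines(attrs):
    """Extract dACL entries; assumes the ip:inacl#N=<ace> AV-pair form."""
    pairs = (v[6:4 + v[5]].decode("ascii", "replace") for t, v in attrs
             if t == VSA and len(v) > 6 and v[:4] == CISCO and v[4] == 1)
    return [p.partition("=")[2] for p in pairs if p.startswith("ip:inacl#")]

def diagnose(packets):
    """Walk a capture in order and report (status, dACL lines received)."""
    total, pending = 0, None
    for pkt in packets:
        code, attrs = parse_radius(pkt)
        state = next((v for t, v in attrs if t == STATE), None)
        if code == REQUEST and pending is not None and state == pending:
            pending = None                   # client asked for the next chunk
        elif code in (ACCEPT, CHALLENGE):
            total += len(acl_lines(attrs))
            if code == ACCEPT:
                return "complete", total
            pending = state                  # server waits for another request
    return ("stalled" if pending is not None else "incomplete"), total

NAME = (1, b"#ACSACL#-IP-EXAMPLE-00000000")  # constructed dACL name (User-Name)
STALLED = [build(REQUEST, 1, [NAME]), build(CHALLENGE, 1, [
    avpair("ip:inacl#1=permit ip any host 192.0.2.10"),
    avpair("ip:inacl#2=deny ip any any"), (STATE, b"chunk-1")])]
```

`diagnose(STALLED)` returns `("stalled", 2)`: two dACL lines arrived in the challenge and no follow-up request carried the State back.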