Cisco IOS ISR G2 IP Admission for CWS: Shared Machine, Same IP

rafaelleao.89
Level 1

Hello.

 

I have a situation about IP admission using transparent NTLM.

I have a shared machine where a user logs on and, after a random time, another user takes their place, logging on with their own username/password.

But the ISR has already authenticated this machine, binding its IP address to the previous user, and thus does not refresh this information, causing CWS to apply policies incorrectly to the newly logged-on user.

Is there any known workaround to this? As far as I know the IP admission feature is not stateful.

 

Thanks in advance,

Rafael Leão

1 Reply

Ashok Sakthivel
Cisco Employee

Hi Rafael,

It is the expected result, as the ISR caches the authenticated user for the default time of 60 mins.

#sh ip admission cache
“Client Name user1, Client IP 192.168.1.10, Port 50240, timeout 60, Time Remaining 60, state ESTAB”

When user2 logs in to the same IP address, unless the timer expires on the ISR, it will continue to use user1's cached information.

Instead of the IP admission feature in the ISR, you can use EasyID (session-based cookie) or SAML (auth with logon credential) authentication in a shared-machine environment.

Please reach out to TAC for assistance.


Thanks and Regards,
Ashok Sakthivel.
(asakthiv@cisco.com)
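
To see which shared machines are currently affected by the caching described in this thread, the following added example (not part of the original posts and not Cisco tooling) parses cache lines in the layout quoted in the reply and flags IPs whose cached user differs from the user actually logged on. The logon map, the second sample line and the function names `parse_cache` and `stale_bindings` are assumptions made for illustration.

```python
import re

# Field layout taken from the single cache line quoted in the reply above.
CACHE_LINE = re.compile(
    r"Client Name (?P<user>\S+), Client IP (?P<ip>\d{1,3}(?:\.\d{1,3}){3}), "
    r"Port \d+, timeout (?P<timeout>\d+), Time Remaining (?P<remaining>\d+), "
    r"state (?P<state>\w+)"
)

# Constructed sample: first line mirrors the thread, second is made up.
SAMPLE_CACHE = """\
Client Name user1, Client IP 192.168.1.10, Port 50240, timeout 60, Time Remaining 60, state ESTAB
Client Name user7, Client IP 192.168.1.22, Port 50311, timeout 60, Time Remaining 35, state ESTAB
"""

# Constructed sample: who is really logged on per IP (assumed to come from
# an external source such as workstation logon records).
SAMPLE_LOGONS = {"192.168.1.10": "user2", "192.168.1.22": "user7"}


def parse_cache(text):
    """Return {ip: (cached_user, time_remaining)} for ESTAB entries."""
    entries = {}
    for m in CACHE_LINE.finditer(text):
        if m["state"] == "ESTAB":
            entries[m["ip"]] = (m["user"], int(m["remaining"]))
    return entries


def stale_bindings(cache_text, current_logons):
    """List IPs where the router's cached user is not the logged-on user."""
    findings = []
    for ip, (cached, remaining) in sorted(parse_cache(cache_text).items()):
        actual = current_logons.get(ip)
        if actual is not None and actual.lower() != cached.lower():
            findings.append({
                "ip": ip,
                "cached_user": cached,
                "logged_on_user": actual,
                # Assumed to be minutes, matching the 60-minute default.
                "minutes_remaining": remaining,
            })
    return findings


if __name__ == "__main__":
    for f in stale_bindings(SAMPLE_CACHE, SAMPLE_LOGONS):
        print("{ip}: policy applied as {cached_user}, but {logged_on_user} "
              "is logged on ({minutes_remaining} min left)".format(**f))
```
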