Hi,

kachavda · ‎02-23-2017

Hello Experts,

I am experiencing two issues with the CWS and AnyConnect deployment in my lab.

First issue,

The physical machine can’t get correct policy based on groups. The machine is a part of all of the groups mentioned in the image attached.

Based on the first policy, CWS should block access to the sites of politics and weapons categories. Instead the CWS applies 2^nd and 3^rd policy when a machine tries to access it.

Second Issue,

I have installed CWS and AnyConnect module on one virtual machine. The VM is not pulling up all of the group information.

See the screenshot of "gpresult" and "whoami" output in the attached file.

I have deployed it in different physical and virtual machines but I am still facing the same issues in it.

Any help is appreciated!

Edan Mudachi · ‎02-23-2017

Hi Kashyap,

I would recommend opening a TAC case so that an engineer can assist you on this issue accordingly (as it is not a simple answer at face value).

Sincerely,

Edan Mudachi

kachavda · ‎02-23-2017

Hello Edan,

I have already opened up a TAC case (SR 681510072). The TAC suggested me to involve SDM team.

Regards,

Kashyap

kushsriva · ‎03-02-2017

Hi,

To verify the policy being matched, you can use the URL http://policytrace.scansafe.net and enter a test URL.

For the second issue, it seems that "Authentication Profile" has not been configured correct in the AnyConnect Profile editor.

So refer to "

Configure Authentication and Sending Group Memberships to the Cisco Cloud Web Security Proxy" to verify the configuration.

Thanks & Regards,

Kush

CWS and AnyConnect Connector Deployment Issues