Contributor

AnyConnect blank page when clicking download link

Hi Experts,

As a continuation from the previous post, I was able to tweak the posture redirect ACL to allow the redirection to work.

Now the user is able to get the redirect URL and is able to pass the first page.

So, the user gets to this page:

[Image: Download URL page.jpg]

Then he clicks the download link and gets directed to a blank page; there is no AnyConnect package download.

So, I checked the web page source, I saw that the download URL was not complete and did not include the FQDN and port of ISE server that we are connecting to, as here:


[Image: Download URL code.jpg]

The question that I have is: is this normal behavior?

Am I missing anything on this ACL here?

rule 0 permit udp destination-port eq bootps
rule 5 permit udp destination-port eq bootpc
rule 10 permit udp destination-port eq dns
rule 15 permit ip destination <ISE Server> 0

 

Cisco Employee

Re: AnyConnect blank page when clicking download link

I believe this is due to the 3rd-party NAD and your specific configurations. I will check with our teams who are more familiar with such use cases.

Cisco Employee

Re: AnyConnect blank page when clicking download link

Can you share how the 'redirect' setting on NAD profile is configured?

Contributor

Re: AnyConnect blank page when clicking download link

Here I am using the HP wired NAD profile and have added this attribute: H3C-Web-URL for sending in redirect URLs, as was suggested in one of the configuration guides for HP.

Here is the redirect configuration from the NAD profile:

[Image: URL redirect 004.JPG]

Also, I have seen in the live logs that the cisco-av-pair is sending this value, as seen in the HTML code there:

https://ip:port/portal/gateway?mac=ClientMacValue&portal=e22de2a0-d5f2-11e8-821a-02429aa7df64&action=cpp

If I replace the IP and port with the FQDN and 8443 manually, by copying, the download works!

Cisco Employee

Re: AnyConnect blank page when clicking download link

Unfortunately this is not supported currently. With 2.4, dynamic URL feature support is limited to Cisco, HPE (Not H3C), and ArubaOS only. I suggest creating a TAC SR and reference CSCvn03432 (Dynamic URL feature support is limited to Cisco and HPE (ArubaOS) device). The defect is not visible to the public yet.


Contributor

Re: AnyConnect blank page when clicking download link

Does that mean this also does not work for Guest Redirection?

Since this is also one of the use cases that I am working for this client here.

 

Cisco Employee

Re: AnyConnect blank page when clicking download link

Correct. CSCvn03432 also applies to CWA.

Contributor

Re: AnyConnect blank page when clicking download link

Understood! The other solution that I see fit for this situation is using the auth VLAN flow to allow guest redirection as well as client provisioning.
Contributor

Re: AnyConnect blank page when clicking download link

One more thing that I forgot to post in the previous reply: is this applicable to JunOS and H3C devices as well?
URL redirection or CWA cannot be configured for Juniper and H3C devices, correct?
Cisco Employee

Re: AnyConnect blank page when clicking download link

If you are referring to dynamic URL redirect (e.g. CWA), then correct, sending a dynamic URL is only for Cisco and HPE (ArubaOS) devices, so CSCvn03432 is applicable to any other NADs.
Cisco Employee

Re: AnyConnect blank page when clicking download link

FYI, there are a few workarounds noted in the defect:

Use a static URL if the 3rd-party NAD supports it. Also, the ISE 2.1 auth VLAN feature may be used instead. Lastly, if this is only for the posture use case, ISE 2.2 can support a URL-redirect-less flow for the AnyConnect posture flow.

Contributor

Re: AnyConnect blank page when clicking download link

Thanks for the clarification.

Is there a certain format that I could use for static URL redirection?
If you have any, could you refer me to the same if possible?