Enthusiast

Anyone using NMAP custom ports in profiling condition?

In ISE 2.1 Patch 3 I've created an NMAP scan to include custom ports (tcp 8000, 4767 and 8194) and the NMAP Extensions dictionary is updated, but the attribute names do not appear in the profiling conditions pull-down, so I cannot create the condition.

Also, what would the value be?

For a scan on tcp 8194, the endpoint has an attribute "8194-tcp" with value "sophos", but I cannot enter "8194-tcp" as a profiling condition attribute.

I'm aware of CSCvb31331 but we do not see the same symptoms.

1 ACCEPTED SOLUTION

Advocate

Re: Anyone using NMAP custom ports in profiling condition?

Make sure you are selecting NMAPExtension...

/Craig

Enthusiast

Re: Anyone using NMAP custom ports in profiling condition?

Hi Craig. Yes, we are using NMAPExtension. I can see it's ok in your screenshot - what version is that?

I was trying 2.1 Patch 3.

I tried 2.1 Patch 2 on a lab setup and it worked.

I applied Patch 3 to this and it didn't work.

So I rolled back to Patch 2 and it worked again.

It must be a problem with Patch 3.

Cisco Employee

Re: Anyone using NMAP custom ports in profiling condition?

I tried it on my ISE 2.1 Patch 3 and it worked fine, with the steps described in the bug you cited. Mine is a fresh install of 2.1 and has Patch 3 only.

What is the history of your ISE in terms of install, upgrade, and patching?

Enthusiast

Re: Anyone using NMAP custom ports in profiling condition?

There are five nodes - 2 Admin/Mon and 3 PSN-only.

Originally, for all nodes, we installed 2.1, then patch 1, and patch 2.

Then, due to a disk space problem on M nodes, we rebuilt both Admin/Mon as 2.1 then went straight to patch 2.

Then all nodes had patch 3 applied.

Enthusiast

Re: Anyone using NMAP custom ports in profiling condition?

We tried this today but there are a few oddities: we could not delete one profile condition based on a custom port, because it said it was referenced somewhere, but we could not find where.

We tried to delete the profile policy which had referenced this condition but got an error that a resource or child policy was using the associated identity group. Again, we could not find where.

We're going to reboot all nodes in a few days to see if this clears it.

If we removed Profiling Services from all PSNs, would that cleanly remove the profiling config?

Cisco Employee

Re: Anyone using NMAP custom ports in profiling condition?

Removing profiling services would not help as PPAN has the master copy of the profiling policies and elements. If you really need them removed, then please engage Cisco TAC.

Advocate

Re: Anyone using NMAP custom ports in profiling condition?

ISE 2.1 Patch 1 is what I used and it worked fine. Try removing the conditions referencing custom ports and then remove the nmap scan template. You should see changes to the Profile Dictionary as you make changes. When you re-add the custom ports, you should see dictionary attributes appear. This should then make them visible to profiler conditions as well.

Craig

Enthusiast

Re: Anyone using NMAP custom ports in profiling condition?

In my testing it worked in Patch 2 but then didn't work when Patch 3 was applied, but I rolled back to 2 then re-applied 3 and it did work.

We raised a TAC case which led to bug ID CSCve51076. Hopefully it will be fixed in ISE 2.1 patch 4.