Cisco ISE temporal Agent

saxenanitesh8522 · ‎02-19-2019

Hi,

We are trying to do Cisco ISE TEmporal Agent, the agent is getting installed but it's keep's failing saying not able to find the policy server.

But the same configuration is working with Web agent where the agent is able to find and do the posture check.

I have configured posture policy for anyconnect and attached the same but it doesnt work while it works with web agent.

Thanks,

pan · ‎02-19-2019

Have you created redirect ACL on ASA? Does the redirect ACL have deny statement for PSN, DNS?

On ISE authorziation profile only the name of the ACL will be given and actual ACL will be present on ASA.

saxenanitesh8522 · ‎02-19-2019

Hi,

my redirect page is coming and downloading the temporal agent.

This is in the wireless

1. allowed all udp traffic

2. allow traffic from ISE nodes (4) policies in out

3. Deny all the traffic.

the same ACL is working for the webagent but not for temporal agent.

yes i do have firewall in between but there is nothing getting blocked between Subnet and ISE and vice-versa.

pan · ‎02-19-2019

Is your vpn and wireless user hitting same authz policy?

Did you create ACL on ASA? Could you share ACL content here.

saxenanitesh8522 · ‎02-19-2019

Temporal Agent --> is just for wireless and no VPN Users are using the same.

saxenanitesh8522 · ‎02-20-2019

Dear All,

I have tested the following scenario on the wireless:-

1. Windows 7 with Anyconnect and temporal Agent --> working properly
2. Windows 10 with web agent --> working properly
3. Windows 10 with temporal agent --> not working.

With windows 10 it keep's saying failed to find the policy server where as web agent is working properly.

I have tried with multiple version of Temporal Agent for Windows 10 it keep giving the same issue.