Solved: Unknown NAD for Security Scaning Server

Matthew Martin · ‎06-11-2019

Hello All,

ISE v2.3

We recently installed a Vulnerability Scanning server/virtual machine for PCI compliance stuff and ISE gave me a few warnings on days we ran scans.

It appears ISE is reporting the server IP Address as an Unknown Network Access Device. Is this normal?

The port where the VMware server is connected is not setup for ISE, so I'm also curious how ISE even knows about it as well..?

Thanks in Advance,

Matt

Damien Miller · ‎06-11-2019

This is the normal behavior I have seen with other scanners, so I would treat it as normal, as ISE is port scanned it think's that a NAD was attempting to communicate with it, but that NAD has not yet been added to the network devices DB. This alarm is also triggered if the radius secret key a NAD is using is not the same as configured in ISE.

View solution in original post

Damien Miller · ‎06-11-2019

This is the normal behavior I have seen with other scanners, so I would treat it as normal, as ISE is port scanned it think's that a NAD was attempting to communicate with it, but that NAD has not yet been added to the network devices DB. This alarm is also triggered if the radius secret key a NAD is using is not the same as configured in ISE.

Matthew Martin · ‎06-12-2019

Thanks for the explanation!

-Matt