04-05-2017 01:57 PM - edited 03-11-2019 12:36 AM
Dears,
I have a site-to-site VPN between HQ and branch. 802.1X works fine in HQ but it doesn't work for branch users. I have enabled permit ip any any on the VPN access-list. I have only 1 ASA firewall and 1 switch on the branch; I have added the switch in the ISE but not the ASA.
Has anybody experienced such an issue?
Thanks
04-10-2017 12:42 PM
Nobody in the world has come across such an issue?
04-25-2017 01:46 AM
Am I asking something strange? If so, please respond, and if not, then nobody in the world has come across such a problem.
Thanks
04-25-2017 02:26 AM
Hi Clark,
You need to provide a few more details. For example, have you ensured that RADIUS traffic (UDP 1812/1813 normally) is allowed between your branch site and the HQ where presumably the ISE RADIUS servers reside? What are you seeing at the branch site switch when you enter "show authentication session int gi x/y"? What is the ISE server reporting in terms of authentication for a given MAC address from the branch site, etc.?
04-28-2017 12:26 AM
Dear Inayat,
> You need to provide a few more details. For example, have you ensured that RADIUS traffic (UDP 1812/1813 normally) is allowed between your branch site and the HQ where presumably the ISE RADIUS servers reside?
I have permitted all traffic, but the important thing is that the traffic is passing through the site-to-site VPN on both ends.
> What are you seeing at the branch site switch when you enter "show authentication session int gi x/y"?
I think the packets are not reaching the ISE server. When I test on the switch with the aaa command I get "No authoritative response from any server", but I can ping the ISE server successfully.
Thanks