cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

244
Views
0
Helpful
4
Replies
clark white
Explorer

802.1x remote sites

Dears,

i have a site-to-site vpn between HQ and branch, 802.1X works fine in HQ but it doesn't work for branch users i have enabled permit ip any any on the vpn access-list,i have only 1 ASA firewall and 1 Switch on the branch , i have added the switch in the ISE but not the ASA.

Anybody has experienced such issue

thanks

4 REPLIES 4
clark white
Explorer

nobody in the world has come across such issue

is it I am asking something strange, if so please respond, and if not then nobody in the world has come across to such problem.

thanks

Hi Clark,

You need to provide a few more details. For example, have you ensured that RADIUS traffic (UDP 1812/1813 normally) is allowed between your branch site and the HQ where presumably the ISE RADIUS servers reside? What are you seeing at the branch site switch when you enter "show authentication session int gi x/y"? What is the ISE server reporting in terms of authentication for a given mac address from the branch site etc...

Dear Inayat,

You need to provide a few more details. For example, have you ensured that RADIUS traffic (UDP 1812/1813 normally) is allowed between your branch site and the HQ where presumably the ISE RADIUS servers reside?

I have permitted all traffic but the important thing is that the traffic is passing through the site-to-site vpn on both the ends,

What are you seeing at the branch site switch when you enter "show authentication session int gi x/y"?

I think the packets are not reaching to the ise server when I test on the switch by aaa command I get No authoritative response from any server.  but I can ping the ISE server successfully,

thanks

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube