11-01-2013 03:36 AM - edited 03-10-2019 09:03 PM
Have got ISE 1.2 running and have my firewalls authenticating against them and need to get my IPS modules authenticating as well but don't seem to be able to get them to.
My settings on the IPS device are as follows:
Server IP Address - {ISE Address}
Authentication Port - 1645
Timeout (seconds) - 3
Shared Secret - {Shared Secret}
However ISE is rejecting the request
11001 | Received RADIUS Access-Request | |
11017 | RADIUS created a new session | |
11015 | An Access-Request MUST contain either a NAS-IP-Address or a NAS-Identifier or both; Continue processing | |
15049 | Evaluating Policy Group | |
15008 | Evaluating Service Selection Policy | |
15006 | Matched Default Rule | |
15041 | Evaluating Identity Policy | |
15006 | Matched Default Rule | |
15013 | Selected Identity Source - ActiveDirectory | |
24430 | Authenticating user against Active Directory | |
24402 | User authentication against Active Directory succeeded | |
22037 | Authentication Passed | |
15036 | Evaluating Authorization Policy | |
24432 | Looking up user in Active Directory - $$-jregan | |
24416 | User's Groups retrieval from Active Directory succeeded | |
24420 | User's Attributes retrieval from Active Directory succeeded | |
15048 | Queried PIP | |
15048 | Queried PIP | |
15004 | Matched rule - Default | |
15016 | Selected Authorization Profile - DenyAccess | |
15039 | Rejected per authorization profile | |
11003 | Returned RADIUS Access-Reject |
Do I need to set a new condition based on some specific piece of information for ISE to recognise this device's request?
Any advice would be greatly appreciated.
Many thanks in advance
Jason
11-01-2013 05:30 AM
Jason,
Looks like you're landing on default authorization policy (DenyAccess).
Add an authorization policy that would match the network device/AAA client of your IPS, and make sure it's on top. Take it from there.
Also, 1645 is the old port; ISE should be listening on both old and new, but 1812 is what you would typically see for any other device config.
M.
11-01-2013 07:34 AM
Can you post a screenshot of your authorization policies, along with the IPS settings in ISE?
Sent from Cisco Technical Support Android App
11-04-2013 05:29 AM
Hi Tarik,
Here is the condition used in my Authorisation Policy for allowing access to the IPS module
ActiveDirectory:ExternalGroups EQUALS {AD Group of which I am a member}
AND
Network Access:AuthenticationMethod EQUALS PAP_ASCII
AND
Radius:NAS-IP-Address EQUALS {IP Address of the module}
I'm not sure what you mean by "IPS settings in ISE"; all I have done is add a device using the IP address and shared secret.
Thanks
Jason
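As an added illustration (not posted by anyone in this thread), the Python below models ISE's first-match authorization evaluation against the attributes the quoted step log implies: step 11015 records that the IPS request carried no NAS-IP-Address or NAS-Identifier, so a condition on Radius:NAS-IP-Address has nothing to compare against and evaluation falls through to the Default rule (DenyAccess). The AD group DN, module IP and rule name are constructed placeholders for the values the thread redacts.

```python
import re
# Constructed excerpt of the ISE step log quoted in the thread: "code | description".
STEP_LOG = """\
11001 | Received RADIUS Access-Request | |
11015 | An Access-Request MUST contain either a NAS-IP-Address or a NAS-Identifier or both; Continue processing | |
15004 | Matched rule - Default | |
15016 | Selected Authorization Profile - DenyAccess | |
"""

# Constructed placeholders for the values the thread redacts.
GROUP_DN = "CN=IPS-Admins,OU=Groups,DC=example,DC=local"
MODULE_IP = "192.0.2.10"

# Attributes ISE actually holds for the IPS request: AD group and auth method are present,
# but (per step 11015) no Radius:NAS-IP-Address was sent, so that key is simply absent.
IPS_REQUEST = {
    "ActiveDirectory:ExternalGroups": GROUP_DN,
    "Network Access:AuthenticationMethod": "PAP_ASCII",
}

# Policy table as (rule name, AND-ed conditions, profile); the first row is the posted rule.
RULES = [
    ("IPS admins", [
        ("ActiveDirectory:ExternalGroups", GROUP_DN),
        ("Network Access:AuthenticationMethod", "PAP_ASCII"),
        ("Radius:NAS-IP-Address", MODULE_IP),
    ], "PermitAccess"),
]

def missing_nas_identification(step_log):
    """True when ISE logged step 11015: the request had no NAS-IP-Address or NAS-Identifier."""
    return any(re.match(r"\s*11015\s*\|", line) for line in step_log.splitlines())

def unmet_conditions(conditions, request):
    """Conditions that fail for this request; an absent attribute never equals anything."""
    return [(attr, want) for attr, want in conditions if request.get(attr) != want]

def authorize(rules, request):
    """First-match evaluation like the ISE authorization table; falls through to Default/DenyAccess."""
    for name, conditions, profile in rules:
        if not unmet_conditions(conditions, request):
            return name, profile
    return "Default", "DenyAccess"

if __name__ == "__main__":
    print("11015 seen:", missing_nas_identification(STEP_LOG))
    print("as logged:", authorize(RULES, IPS_REQUEST))
    # Same request once the NAS-IP-Address attribute is actually present:
    print("with NAS-IP:", authorize(RULES, {**IPS_REQUEST, "Radius:NAS-IP-Address": MODULE_IP}))
```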