11-03-2021 08:53 AM - edited 11-03-2021 12:34 PM
Hello,
We're using AnyConnect 4.10.03104 for remote access VPN via ASA and have to introduce ISE 2.7 posture. We're having issues with the initial client provisioning process, where the new endpoint is in an unknown state and the user's browser should get redirected to the ISE client provisioning portal.
On the same endpoint, HTTP redirection works for some web browsers, but for some it doesn't. We are using WPAD autodiscovery and proxies to access the internet. I noticed that if one explicitly enters the URL with http://some.internal.host the browser immediately gets redirected, while https://some.internal.host gets stuck forever.
We are using the following HTTP redirection ACL on the ASA:
access-list vpn_posture_unknown_redirect extended deny udp any object-group DNS_Intranet eq domain
access-list vpn_posture_unknown_redirect extended deny tcp any object-group DNS_Intranet eq domain
access-list vpn_posture_unknown_redirect extended deny tcp any object enroll.cisco.com eq www
access-list vpn_posture_unknown_redirect extended deny ip any object-group Cisco_ISE
access-list vpn_posture_unknown_redirect extended permit ip any any
How is it possible to get https:// URLs also automatically redirected, now that most browsers first default to https:// when entering a hostname without a schema prefix?
Regards,
Bernd