Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3445
Views
10
Helpful
4
Replies

Anyconnect ISE posture IPv6 infinite loop (CSCvo36890)

Go to solution
Panos Bouras
Level 1
Level 1

‎05-20-2020 02:32 AM

Hi all,

 

During a posture deployment on Windows 10 with ISE2.4 and AC 4.7 & 4.8 we hit the following bug

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo36890/?rfs=iqvred

If we perform the Teredo disable command it gets enabled again after restart and I'm not sure what we will break if we disable it via GPO etc.

 

As the Bug report doesn't actually provides much details,I'm looking for possible mitigations and workarounds.

Anybody has any experience with this issue and successful resolutions?

 

 

Thank you,Panos.
Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul
Level 10
Level 10

‎05-20-2020 03:43 PM

A customer of mine ran into this.  They had to push a registry setting via GPO policy to disable the teredo adapter.  Once they did that their posturing issues (i.e. constant pop-ups and reposturing) went away.

View solution in original post

4 Replies 4

Go to solution
paul
Level 10
Level 10

‎05-20-2020 03:43 PM

A customer of mine ran into this.  They had to push a registry setting via GPO policy to disable the teredo adapter.  Once they did that their posturing issues (i.e. constant pop-ups and reposturing) went away.

Go to solution
Panos Bouras
Level 1
Level 1
In response to paul

‎06-09-2020 06:42 AM

Thank you Paul.

 

Thank you,Panos.
Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies
0 Helpful

Go to solution
Mohamed Abdi
Level 1
Level 1
In response to paul

‎06-09-2020 07:53 AM - edited ‎06-09-2020 07:56 AM

We ran into similar issues. Some users also reported no policy server detected, no internet and no outlooks accessible. Disabled IPV6 on client machine resolved the issue. We opened a ticket with TAC, and they recommend we should apply this command "client-bypass-protocol enable" under the group-policy. I haven't tested the command yet.

0 Helpful

Go to solution
Panos Bouras
Level 1
Level 1
In response to Mohamed Abdi

‎06-22-2020 06:24 AM

Hi Mohamed,

I believe that "client-bypass-protocol enable" applies to firewalls or at least VPN configuration. We witnessed this behavior at switch connected devices, but not during our VPN tests where the same client was terminating VPN connection to FTD 2100 6.4.0 firewalls using 4.7 Anyconnect. ISE and AD infrastructure was the same.
Thank you,Panos.
Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies
0 Helpful
Customers Also Viewed These Support Documents