cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

582
Views
5
Helpful
4
Replies
Highlighted
Beginner

Anyconnect ISE posture IPv6 infinite loop (CSCvo36890)

Hi all,

 

During a posture deployment on Windows 10 with ISE2.4 and AC 4.7 & 4.8 we hit the following bug

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo36890/?rfs=iqvred

If we perform the Teredo disable command it gets enabled again after restart and I'm not sure what we will break if we disable it via GPO etc.

 

As the Bug report doesn't actually provides much details,I'm looking for possible mitigations and workarounds.

Anybody has any experience with this issue and successful resolutions?

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advocate

Re: Anyconnect ISE posture IPv6 infinite loop (CSCvo36890)

A customer of mine ran into this.  They had to push a registry setting via GPO policy to disable the teredo adapter.  Once they did that their posturing issues (i.e. constant pop-ups and reposturing) went away.

View solution in original post

4 REPLIES 4
Highlighted
VIP Advocate

Re: Anyconnect ISE posture IPv6 infinite loop (CSCvo36890)

A customer of mine ran into this.  They had to push a registry setting via GPO policy to disable the teredo adapter.  Once they did that their posturing issues (i.e. constant pop-ups and reposturing) went away.

View solution in original post

Highlighted
Beginner

Re: Anyconnect ISE posture IPv6 infinite loop (CSCvo36890)

Thank you Paul.

 

Highlighted
Beginner

Re: Anyconnect ISE posture IPv6 infinite loop (CSCvo36890)

We ran into similar issues. Some users also reported no policy server detected, no internet and no outlooks accessible. Disabled IPV6 on client machine resolved the issue. We opened a ticket with TAC, and they recommend we should apply this command "client-bypass-protocol enable" under the group-policy. I haven't tested the command yet.

Highlighted
Beginner

Re: Anyconnect ISE posture IPv6 infinite loop (CSCvo36890)

Hi Mohamed,

I believe that "client-bypass-protocol enable" applies to firewalls or at least VPN configuration. We witnessed this behavior at switch connected devices, but not during our VPN tests where the same client was terminating VPN connection to FTD 2100 6.4.0 firewalls using 4.7 Anyconnect. ISE and AD infrastructure was the same.