03-07-2020 12:57 AM
Hi,
We are working on Anyconnect remote access VPN with ASA and ISE.
I have configured static ISE IP address in ISE posture "Unknown" profile so that ISE will send redirect URL with ISE IP address instead of FQDN. End user system can't resolve ISE FQDN hence configured this setting.
But ISE is sending two redirect URLs one with FQDN and other one with IP address as shown in attached document.
Is it normal behaviour? Will end user system process URL with IP address? or URL with FQDN will take precedence?
03-07-2020 07:14 AM
It should not be sending two different redirect URLs. That seems like a bug. It isn't really up to the client to process one or the other. It would be the ASA that responds to the client with the HTTP 302 - Page Moved command and redirect URL. You can look on the ASA for the session that you are testing with to see which URL is actually being applied by the ASA. "show vpn-sessiondb anyconnect ….". Something like that.
03-07-2020 08:12 AM
Hi,
It needs to work, try applying the latest patch for the version, and restart ISE services (if you have the luxury).
Regards,
Cristian Matei.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: