cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
718
Views
0
Helpful
2
Replies

ASA VPN with ISE Posture

dngore
Cisco Employee
Cisco Employee

Hi,

We are working on Anyconnect remote access VPN with ASA and ISE. 

I have configured static ISE IP address in ISE posture "Unknown" profile so that ISE will send redirect URL with ISE IP address instead of FQDN. End user system can't resolve ISE FQDN hence configured this setting.

 

But ISE is sending two redirect URLs one with FQDN and other one with IP address as shown in attached document. 

 

Is it normal behaviour?  Will end user system process URL with IP address? or URL with FQDN will take precedence?

2 Replies 2

Colby LeMaire
VIP Alumni
VIP Alumni

It should not be sending two different redirect URLs.  That seems like a bug.  It isn't really up to the client to process one or the other.  It would be the ASA that responds to the client with the HTTP 302 - Page Moved command and redirect URL.  You can look on the ASA for the session that you are testing with to see which URL is actually being applied by the ASA.  "show vpn-sessiondb anyconnect ….".  Something like that.

Cristian Matei
VIP Alumni
VIP Alumni

Hi,

   

    It needs to work, try applying the latest patch for the version, and restart ISE services (if you have the luxury).

 

Regards,

Cristian Matei.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: