
Authentication Rejected with OpenOTP Token Server

scamarda
Cisco Employee

Configured ASA VPN access with OpenOTP as the token server. Running an authentication test and getting Deny Access result. Reason is defined as "Rejected per authorization profile". Per OTP logs and ISE authentication, user authentication is successful. Using Policy Sets. Authorization policy has no Deny Access statement in it. First rule is a Permit access with no conditions. The default rule is Permit access. Appears to be failing before hitting the authorization table even though authentication succeeds. ISE 2.1 patch 2.


gbekmezi-DD
Level 5

Can you share the live log details?

Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.


hslai
Cisco Employee

If this is a standalone ISE, try restarting ISE services. If a secondary ISE node, try a manual re-sync.

The deployment is two nodes. I've gone ahead and resynced and restarted. Still same result. Session is coming up as Denied even though I have everything set to permit. Happening on both nodes.