03-23-2015 12:14 PM - edited 03-10-2019 10:34 PM
Hello,
With posture and re-authentication, during the re-authentication the posture status swithes to pending. This results in a redirect to client provisioning and a temperorly but unwanted state with no access to network resources.
Is there a way to work around this?
Regards,
Dennis
05-18-2016 02:23 PM
did you ever get this figured out? we're having the same issue.
we have re authentication set for 3600 seconds at the authorization profile and then set the switchports for authentication periodic and to pull the timer from the server. user logs in, posturing completes and they are good for 3600 seconds. then the timer expires and the port goes back to pending but re-auth never happens. the redirect URL and the posturing ACL get reapplied to the port but the anyconnect agent never does anything and just sits there saying the endpoint is compliant. i've setup PRA on the anyconnect profile but that doesn't seem to be working either?
so anyconnect never responds and the ports just STAY in pending and the user is forced to disconnect or reboot to get things working again.
are posturing and re-auth mutually exclusive? what is suppposed to get the Anyconnect posturing agent to recheck the host and send to ISE?
08-24-2016 09:04 AM
anyone? bueller? bueller? still have the same problem on ISE 2.1. it's gotta be something i've not configured properly but i have no idea what...
08-24-2016 01:08 PM
Hi Ben,
Sorry, i missed your first question. We disabled re-authentication at this customer.
04-13-2017 05:21 PM
Still continue on ISE 2.2
Is there any idea how to solve the problem?
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide