Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
614
Views
0
Helpful
4
Replies

Cisco ISE (1.3) Posture and re-authentication

dennisnieuwenhuyzen
Level 1
Level 1

‎03-23-2015 12:14 PM - edited ‎03-10-2019 10:34 PM

Hello,

 

With posture and re-authentication, during the re-authentication the posture status swithes to pending. This results in a redirect to client provisioning and a temperorly but unwanted state with no access to network resources.

 

Is there a way to work around this?

 

Regards,

Dennis

2 people had this problem
Labels:
0 Helpful
4 Replies 4

ben.posner
Level 1
Level 1

‎05-18-2016 02:23 PM

did you ever get this figured out? we're having the same issue.

we have re authentication set for 3600 seconds at the authorization profile and then set the switchports for authentication periodic and to pull the timer from the server. user logs in, posturing completes and they are good for 3600 seconds. then the timer expires and the port goes back to pending but re-auth never happens. the redirect URL and the posturing ACL get reapplied to the port but the anyconnect agent never does anything and just sits there saying the endpoint is compliant. i've setup PRA on the anyconnect profile but that doesn't seem to be working either?

so anyconnect never responds and the ports just STAY in pending and the user is forced to disconnect or reboot to get things working again.

are posturing and re-auth mutually exclusive? what is suppposed to get the Anyconnect posturing agent to recheck the host and send to ISE?

0 Helpful

ben.posner
Level 1
Level 1
In response to ben.posner

‎08-24-2016 09:04 AM

anyone? bueller? bueller? still have the same problem on ISE 2.1. it's gotta be something i've not configured properly but i have no idea what...

0 Helpful

dennisnieuwenhuyzen
Level 1
Level 1
In response to ben.posner

‎08-24-2016 01:08 PM

Hi Ben,

Sorry, i missed your first question. We disabled re-authentication at this customer.

0 Helpful

Hasan Erhan AYDINOGLU
Level 1
Level 1
In response to ben.posner

‎04-13-2017 05:21 PM

Still continue on ISE 2.2

Is there any idea how to solve the problem?

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents