05-31-2022 05:57 AM
Folks,
I understand that the Cisco ISE PSNs should do some NMAP scans on the network at regular intervals.
However, I do not see that to be the case.
e.g. we have a few devices where the OS and ports detected in an NMAP scan do not show up.
However, if we do a manual scan to this device from the ISE it shows up correctly.
We have all the nodes configured to NMAP in the "Profiling Configuration".
It reads "The NMAP probe will scan endpoints for open ports and OS."
Our challenge is to understand where we are going wrong and why the results show up only after a manual scan.
Any suggestions?
Regards,
N!
05-31-2022 06:06 AM
What ISE version? How does your autoscan profile look compared to the manual scan?
Check this reference guide:
https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-profiling-design
05-31-2022 06:39 AM
Hi Balaji,
Thanks! The ISE version is 3.0.
When you say autoscan, I understand you are referring to NMAP Scan Actions under "Policy Elements".
If yes, there is no difference in the autoscan and the manual scan I did.
Regards.
05-31-2022 06:24 AM
Hi
See this previous post on how/when ISE performs NMAP scans:
https://community.cisco.com/t5/network-access-control/nmap-scan-questions/td-p/3776212
NMAP can be triggered in the following cases:
hth
Andy
06-01-2022 07:58 PM
ISE needs the mapping of the IP address to the MAC address in order to update the NMAP results to the endpoint.