Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1061
Views
0
Helpful
1
Replies

Clients posture url redirect to secondary node of ISE server

bunleang
Level 1
Level 1

ā€Ž10-26-2021 01:07 AM - edited ā€Ž10-26-2021 01:10 AM

Hi team,

I am facing with ISE posture redirect to url of ISE server

Environment:

have two nodes of ISE deployed as primary/secondary node 

- the primary node is the active node 

- the secondary node is the standby node

The client performs posture scan:

++ Client connecting to meraki ssid wifi -> client pop up a browser and redirect to url of primary ISE -> annyconnect start scan posture -> status anyconnect compliance.

+++ The issue happened with some clients with posture scan +++

++ client connecting to the same meraki ssid wifi -> client pop up a browser and redirect to url secondary ISE ->  client annyconnect failed to scan posture due to the current ISE node it working on the primary ISE.

 

Based on this explanation anyone can help with this  to prevent client redirect to the secondary URL 

Thanks

 

 

 

 

0 Helpful
1 Reply 1

Mike.Cifelli
VIP Alumni
VIP Alumni

ā€Ž10-26-2021 04:45 AM

There is a setting in the ISEPostureCFG.xml which is stored here on Windows clients: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\ISE Posture that you should take a peek at.  The 'Call Home List' is a list of IPs (your PSNs) that the module will attempt to contact IF the PSN that authenticated the endpoint does not respond.  Is it possible for the one-off clients that they are actually onboarded via your 2nd PSN so therefore get redirected there? See radius live log to determine.

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents