Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
374
Views
0
Helpful
1
Replies

Converged Access CWA Browser Pop-Up not happening

andrew.chappelle
Level 1
Level 1

‎03-15-2016 06:40 PM - edited ‎03-10-2019 11:34 PM

Have an HA 5760 Foreign MC Pair, 5760 Anchor and a 3850 MA.  All running 3.7.3E software.

Client connects to guest SSID served from AP registered to MA.  Associates, gets DHCP IP address fine, but the client browser pop/prompt doesn't occur.  On an iPhone if I manually open a browser and try to browse to Google, I get redirected to the Guest Portal and authentication works normal.  Androids and a Windows laptop can't even do that, they get a "website can't be found" error.  Anchor WLC sits in customer DMZ, so uses public DNS.  Externally-sourced certificate from Digicert bound and associated to Portal's certificate group tag.

Had to leave before I got into any deep troubleshooting, but nothing struck me as odd off top of my head.  The redirect ACL is below:

ip access-list extended GUEST-REDIRECT
deny udp any eq 58 any eq 57
deny udp any any eq 53
deny ip any host <ISE node IP>
permit tcp any any eq www
permit tcp any any eq 443
deny ip any any

Any thoughts or recommendations are appreciated.

Thanks,

Labels:
0 Helpful
1 Reply 1

andrew.chappelle
Level 1
Level 1

‎03-16-2016 02:16 PM

All client types work now, the only remaining issue is that the client device has to manually open a browser and access a web page, then redirection occurs.

0 Helpful
Customers Also Viewed These Support Documents