04-16-2022 12:09 PM
Hello,
I am facing an issue where my ASA is not able to download the TrustSec environment-data from ISE. I have configured the device properly in ISE, generated and imported the PAC file as well.
Strange thing is when I checked ISE RADIUS logs for #CTSREQUEST# it shows environmental data downloaded, but in ASA on executing "show cts environmental-data" command it shows last download failed.
In the ASA logs it's showing CTS Env data retrieval failed, error response from ISE.
Can anyone please help in this?
04-17-2022 06:03 PM
I would suggest checking the connectivity between ASA and ISE. If possible, get packet captures at both sides. ASA has "debug cts", which should give you more info.
04-18-2022 02:13 AM
In the " debug cts all" it's not showing any logs.
The communication between ASA and ISE looks good as I am able to see the RADIUS request being made by the ASA during env-data refresh and being received by ISE and sending replies.
In ISE logs it's showing "Trust Sec environmental-data download succeeded"
But in ASA last download is showing as failed and every minute asa is trying to download
04-19-2022 05:33 PM
Please use the debug cts command on the ASA. If that does not help, engage Cisco TAC.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide