Re: CTS environmental-data download failed in ASA

swajalsarkar · ‎04-16-2022

Hello,

I am facing an issue where my ASA is not able to download the TrustSec environment-data from ISE. I have configured the device properly in ISE, generated and imported the PAC file as well.

Strange thing is when I checked ISE RADIUS logs for #CTSREQUEST# it shows environmental data downloaded, but in ASA on executing "show cts environmental-data" command it shows last download failed.

In the ASA logs it's showing CTS Env data retrieval failed, error response from ISE.

Can anyone please help in this?

hslai · ‎04-17-2022

I would suggest checking the connectivity between ASA and ISE. If possible, get packet captures at both sides. ASA has "debug cts", which should give you more info.

swajalsarkar · ‎04-18-2022

In the " debug cts all" it's not showing any logs.

The communication between ASA and ISE looks good as I am able to see the RADIUS request being made by the ASA during env-data refresh and being received by ISE and sending replies.

In ISE logs it's showing "Trust Sec environmental-data download succeeded"

But in ASA last download is showing as failed and every minute asa is trying to download

hslai · ‎04-19-2022

Please use the debug cts command on the ASA. If that does not help, engage Cisco TAC.