Solved: Re: High Authentication Latency to Public IP Addresses - ISE

aavnet89 · ‎07-22-2024

Hello,

My ISE system is experiencing High Authentication Latency, upwards of 11,000MS. Specifically for VPN users. The users in question are remote workers, utilising AnyConnect, proxied through Meraki Security Appliances, with Duo acting as the MFA platform. Users hit the correct proxy, then the tunnel-client-endpoint seemingly reaches out to a range of different public IP addresses, which look to be a mix of the home users Internet Service Providers, RIPE, and or unknown addresses.

Staff successfully login, can someone tell me why is the tunnel-client-endpoint is responding in other attributes to these public IP addresses through radius-proxy (as these are not directly associated), and why would the latency / response be so high given the inital request falls with acceptable relams of input time.

ahollifield · ‎07-22-2024

The IP Address listed is the public IP of the client as its connecting to the MX. What is the purpose of ISE in this scenario? Why not just use Duo SAML? The latency is most likely related to the user delaying to respond to MFA push.

View solution in original post

ahollifield · ‎07-22-2024

The IP Address listed is the public IP of the client as its connecting to the MX. What is the purpose of ISE in this scenario? Why not just use Duo SAML? The latency is most likely related to the user delaying to respond to MFA push.

aavnet89 · ‎07-23-2024

Super, thanks ahollifield.