Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1490
Views
0
Helpful
8
Replies

Https redirection issue for Wireless Guest CWA - ISE 1.3

deepuvarghese1
Spotlight
Spotlight

‎04-09-2015 02:42 AM - edited ‎03-10-2019 10:37 PM

Our Setup is

ISE 1.3 (Patch level 2) running on ACS 1121

2 nodes clustered with Admin, monitoring, policy service enabled ( Primary and Secondary ).

 

Configured SSID Guest for Centralized web authentication with ISE.

We have issues in web redirection with chrome . It is not redirecting to the ISE page but rather showing " Page cannot be displayed".

By default chrome is pointing to https. For example if we type https://google.com it is not redirecting to ISE page. But when I specify the same as http://google.com it works.

There is no issue with IE, Firefox as it is redirecting to ISE page with default https and i can see it is hitting our rule.

Please advice.

 

 

 

 

1 person had this problem
Labels:
0 Helpful
8 Replies 8

nspasov
Cisco Employee
Cisco Employee

‎04-09-2015 11:50 AM

Can you post a screenshot of your redirection ACL

Thank you for rating helpful posts!
0 Helpful

deepuvarghese1
Spotlight
Spotlight
In response to nspasov

‎04-09-2015 02:44 PM

Hi Neno,

Please find the attached ACL for CWA. The IP's mentioned in ACL are ISE primary and secondary.

Preview file
23 KB
0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to deepuvarghese1

‎04-09-2015 04:53 PM

Hmm, things look correct. Have you tried to clear the cache/cookies in chrome and then try again. 

Thank you for rating helpful posts!
0 Helpful

deepuvarghese1
Spotlight
Spotlight
In response to nspasov

‎04-12-2015 05:56 AM

We have tried in many PC's with chrome but the result is same even after clearing the cache/cookies. Other browsers are working fine. Please suggest.

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to deepuvarghese1

‎04-12-2015 12:56 PM

Yeah, I updated my chrome browser and now facing the same issue. I am guessing something changed within the dynamics of chrome that broke this. Are you by any chance using a self-signed certificate? I am having the feeling that it has something to do with untrusted certificates. 

Thank you for rating helpful posts!
0 Helpful

deepuvarghese1
Spotlight
Spotlight
In response to nspasov

‎04-12-2015 01:09 PM

One of the PC Chrome version that we tested is with 40+ .

Page is not prompting for any certificate error while trying to load the page rather showing "page cannot be displayed". I will cross check what is the settings of their current certificate. I can try using a self signed cert if needed. 

0 Helpful

deepuvarghese1
Spotlight
Spotlight
In response to nspasov

‎04-13-2015 12:12 AM

Hi Neno

They are using a third party certificate (digi cert) for client auth. They have confirmed even if they use a self-signed-cert the result is same.

So basically none of the https page is not loading. If we manually browse some https site from Firefox, IE the result is same showing " page cannot be displayed".

Redirection to https is the problem which i have never faced with my other customer. This is the upgraded version of ISE from 1.2 to 1.3.

 

 

0 Helpful

paulnus001
Level 1
Level 1

‎04-14-2015 06:06 AM

I did a +1 on this issue as well. We have instructed users to use other browsers for authentication against the wireless. 

0 Helpful
Customers Also Viewed These Support Documents