10-06-2021 09:26 AM - edited 10-06-2021 10:26 AM
Hi Gents
Never thought I could get into this, BUT with subject ISE latest patch I can't match interesting AuthC methods (EAP-FAST & PEAP) with configured policies. I've been trying NA:AuthenticationMethod = X509_PKI for EAP-TLS (within PEAP I believe :0), NA:UseCase=Eap Chain for EAP-FAST (I really do EapChain within EapFast), NA:EapTunnel=PEAP (for EAP-TLS) & =EAP-FAST (for itself) correspondingly, NA:EapAuthentication=EAP-TLS (for itself) & I never match any.
Everything falls back to the Default policy (allow all protocols & use SecureProdSequence) where it succeeds (whether it is EAP-TLS or EAP-FAST w/ Chaining).
Attached is a snap of the PolicySet where I catch this use case (it also hits every time as expected; the EAP-TLS policy is disabled at the moment).
Any help please on what I am doing wrong?
UPD: just to avoid extra iterations:
Authentication Protocol EAP-FAST (EAP-MSCHAPv2,EAP-TLS) is from successful EAP-FAST w/ Chain session
&
Authentication Protocol EAP-TLS is from a successful EAP-TLS session (when using NA:EapTunnel in the EAP-TLS policy I've selected PEAP, as there is no closer option otherwise)
UPD: I can see CSCvc98033 is also not of help
UPD: forgot to note that for either EAP-TLS or EAP-FAST a single supplicant, AnyConnect NAM v 4.5, is in use. Within a single profile there are 2 networks for EAP-TLS & EAP-FAST w/ Chaining correspondingly.
10-06-2021 10:46 AM - edited 10-08-2021 12:53 AM