Cisco Community
English
Register
The War in Ukraine - Supporting customers, partners and communities. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

962
Views
0
Helpful
5
Replies
alice.jessie
Beginner
Beginner
‎10-13-2016 04:23 AM
‎10-13-2016 04:23 AM

ISE 2.1 TC-NAC with AMP

In ISE 2.1, after the third party vendor account for AMP is created, the connection is established but after a while we see that the account becomes unreachable. I have tried reloading the ISE and redoing the integration but often observe that the connectivity disconnects at times. Has anyone come across this issue?

0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
hariholla
Cisco Employee
Cisco Employee
In response to alice.jessie
‎10-14-2016 12:43 PM
‎10-14-2016 12:43 PM

Hi Alice,

I just did a fresh connection in my lab to double check if something's wrong with the connectivity in general.

Here are some observations:

1) When you see the blank screen after AMP redirects back to ISE, just click on the browser couple of times, the ISE page will load. And then hit the 'Finish' button.

2) Yes, I did see the status as 'Configured' and 'Disconnected'. But I gave it a few seconds and hit a refresh button and now things are looking good:

Screen Shot 2016-10-14 at 12.40.04 PM.png

View solution in original post

0 Helpful
5 REPLIES 5
hariholla
Cisco Employee
Cisco Employee
‎10-13-2016 04:40 PM
‎10-13-2016 04:40 PM

Hi Alice, our engineering team claims to have seen this issue internally, when the AMP cloud goes through maintenance. Do let us know if the issue persists with valid configurations in place.

0 Helpful
alice.jessie
Beginner
Beginner
In response to hariholla
‎10-14-2016 12:45 AM
‎10-14-2016 12:45 AM

Hi Hariprasad

Thanks for the quick response.

But now, I'm facing a new issue, In Amp configuration I chose AMP:THREAT as a third party vendor so after configuring it will redirect to AMP for authentication and after successful authentication it will redirect to ISE. But all of the sudden I am facing issue in redirection i.e, After authentication in AMP the pages goes blank its not redirecting to ISE… Previously it was working fine for the past 2 weeks and now I am facing this issue. The Third Party Vendor page in ISE constantly shows Connectivity as Disconnected and Status as Configuration Progress. Is this a part of Maintenance too?

0 Helpful
hariholla
Cisco Employee
Cisco Employee
In response to alice.jessie
‎10-14-2016 12:43 PM
‎10-14-2016 12:43 PM

Hi Alice,

I just did a fresh connection in my lab to double check if something's wrong with the connectivity in general.

Here are some observations:

1) When you see the blank screen after AMP redirects back to ISE, just click on the browser couple of times, the ISE page will load. And then hit the 'Finish' button.

2) Yes, I did see the status as 'Configured' and 'Disconnected'. But I gave it a few seconds and hit a refresh button and now things are looking good:

Screen Shot 2016-10-14 at 12.40.04 PM.png

0 Helpful
alice.jessie
Beginner
Beginner
In response to hariholla
‎10-17-2016 02:04 AM
‎10-17-2016 02:04 AM

Hi Hariprasad

I tried the step that you had suggested, but unlike you, after clicking reload multiple times on the blank screen takes me back to the AMP login screen. Also, which cloud are you using? I'm using the EU cloud.

0 Helpful
Mo Pourmirza
Beginner
Beginner
‎11-17-2017 02:38 PM
‎11-17-2017 02:38 PM

Hi Alice,

Delete the AMP instance that you configured on ISE. Login to AMP for Endpoint Console and go to Applications which is under Accounts. Click on Deregister on Cisco ISE application. Once it has been registered,  re-add  and configure the AMP instance by following below guide.

Configure ISE 2.1 Threat-Centric NAC (TC-NAC) with AMP and Posture Services - Cisco

I hope it helps.

Mohammad

0 Helpful
Latest Contents
Router Security - Zone Based Firewall Step-by-Step Configura...
Created by Kureli Sankar on 05-27-2022 02:42 PM
0
0
0
0
BenefitsDocumentationPrerequisiteImage Download LinksSupported PlatformsLicense RequirementsTopologyStep-by-step ConfigurationConfigure PATCreate Custom ZonesCreate Class MapCreate the Policy-mapCreate Zone PairAssign the Interfaces to the ZonesRelevant C... view more
Cisco Champion Radio:S9|E20 Protection for Your Enterprise-C...
Created by Amilee San Juan on 05-25-2022 02:54 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E20Follow us: https://twitter.com/CiscoChampion  With over one trillion email scams per year, more than 22 billion records were exposed by data breaches in 2021. Phishing attacks are clearly on the rise, and they’re e... view more
DOT1X IOS commands overview
Created by Meddane on 05-21-2022 03:14 PM
0
0
0
0
Radius server configuration for 802.1X   Server radius test1 Address ipv4 10.1.1.1 Key 1234 ! Server radius test2 Address ipv4 10.1.1.2 Key 1234 ! aaa group server radius TEST-gr  server name test1  server name test2 !      &... view more
Umbrella’s cloud-delivered firewall (CDFW)
Created by Meddane on 05-21-2022 03:04 PM
0
0
0
0
Umbrella’s cloud-delivered firewall (CDFW) is a cool features that provides Firewall Services in the Cisco Umbrella Cloud without the need to deploy on-premises firewall devices and visibility and control for internet traffic across all branch offices. To... view more
GRE over IPSec Crypto map versus Tunnel Protection (IPsec Pr...
Created by Meddane on 05-21-2022 03:01 PM
0
0
0
0
GRE over IPSec Crypto map   int tunnel 1ip add 172.16.1.1 255.255.255.0tunnel source G0/0tunnel destination 2.2.2.2!access-list 100 permit gre host 1.1.1.1 host 2.2.2.2!crypto ipsec transform-set TS esp-aes esp-sha-hmac!crypto map TESTset peer 2.2.2.... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube