ISE 3.0 agentless posture with Firepower FMC RA VPN

btsistem
Level 1

Hi,

We are testing agentless posture on VPN connections based on Firepower. We are using the AnyConnect VPN and Umbrella modules. We have uninstalled the ISE posture and compliance module. We have designed our test agentless infrastructure as described at the link below. Port 5985 is reachable and everything seems OK, but the agentless posture logs say "Ips are unreachable".


https://community.cisco.com/t5/security-documents/how-to-agentless-posture-configuration-validation-amp/ta-p/4152763


ISE-PSC.log logs:


2020-09-23 00:05:11,145 INFO [pool-234-thread-5][] cpm.es.service.posture.ESGenericConsumer -::::- Received endpont: 172.16.130.7 from queue: POSTURE-INPUT
2020-09-23 00:05:11,145 INFO [pool-1508-thread-3][] cpm.es.service.posture.ESDiscoveryTask -::::- Execute Discovery task for ip: 172.16.130.7, mac: E4-B3-18-6B-C9-CF, and os: null
2020-09-23 00:05:11,824 INFO [pool-1508-thread-3][] cpm.es.service.posture.ESDiscoveryTask -::::- Publishing result for: 172.16.130.7. Task Status: true
2020-09-23 00:05:11,824 INFO [pool-1508-thread-3][] cpm.es.service.posture.ESDiscoveryTask -::::- Publishing to ES_WIN_POWERSHELL_QUEUE
2020-09-23 00:05:12,525 INFO [Timer-12][] cisco.mnt.common.utility.AlarmMessageDiskQueue -::::- Inside dequeue
2020-09-23 00:05:12,525 INFO [Timer-12][] cisco.mnt.common.utility.AlarmMessageDiskQueue -::::- root exists
2020-09-23 00:05:12,525 INFO [Timer-12][] cisco.mnt.common.utility.AlarmMessageDiskQueue -::::- No alarm file exist
2020-09-23 00:05:12,824 INFO [Thread-141][] cpm.es.infra.publisher.ESBatchWorker -::::- Publisher called for ES_WIN_POWERSHELL_QUEUE with message(s) size: 1
2020-09-23 00:05:12,824 INFO [Thread-141][] cpm.es.infra.publisher.ESBatchWorker -::::- JSON format of the message to be published: [{"sessionId":"c0a84e52000fe0005f6a6558","mac":"E4-B3-18-6B-C9-CF","ip":"172.16.130.7","os":"WINDOWS","domainName":""}]
2020-09-23 00:05:12,826 INFO [pool-234-thread-6][] cpm.es.infra.consumer.ESConsumerService -::::- is Array: true
2020-09-23 00:05:12,826 INFO [pool-234-thread-6][] cpm.es.service.provisioning.ESProvisioningConsumer -::::- Received endpont data from queue: ES_WIN_POWERSHELL_QUEUE
2020-09-23 00:05:12,827 INFO [pool-1508-thread-4][] cisco.cpm.es.service.AbstractESTask -::::- Entry : executeEndpoinntWrapperScript
2020-09-23 00:05:12,830 INFO [pool-1508-thread-4][] cisco.cpm.es.service.AbstractESTask -::::- Exit : executeEndpoinntWrapperScript
2020-09-23 00:05:12,830 INFO [pool-1508-thread-4][] cisco.cpm.es.service.AbstractESTask -::::- Is operation success : true
2020-09-23 00:05:13,603 DEBUG [DefaultQuartzScheduler_Worker-4][] nesla.agent.impl.job.EvalJob -::::- run eval timer job ...
2020-09-23 00:05:13,604 DEBUG [DefaultQuartzScheduler_Worker-4][] nesla.agent.impl.common.Utility -::::- testInfo in saveTestInfoTestInfo [currentState=UNIDENTIFIED, isEnabled=true, productInstanceID=null, registrationLastRenew=Thu Jan 01 03:00:00 AST 1970, registrationInit=Thu Jan 01 03:00:00 AST 1970, registrationNextRenew=Thu Jan 01 03:00:00 AST 1970, registrationExpire=Thu Jan 01 03:00:00 AST 1970, registrationFailed=false, registrationFailedReason=null, smartAccountName=null, virtualAccountName=null, allowRestricted=false, authorizationInit=Thu Jan 01 03:00:00 AST 1970, authorizationLast=Thu Jan 01 03:00:00 AST 1970, authorizationNext=Thu Jan 01 03:00:00 AST 1970, authorizationFailed=false, authorizationFailedReason=null, authorizationDeadline=Thu Jan 01 03:00:00 AST 1970, authorizationExpiredAt=Thu Jan 01 03:00:00 AST 1970, oocStartAt=Thu Jan 01 03:00:00 AST 1970, componentVersion=null, evaluationPeriodRemaining=7547340000, inEvaluation=true, evaluationExpiredAt=Thu Jan 01 03:00:00 AST 1970, registrationAttempt=false, plrEnabled=false, plrStatus=NONE, plrRequestCode=null, confirmationCode=null, plrAuthorizationCode=null, plrReturnCode=null, plrSequence=0, plrInProgressStartTime=null, isAutoConversionEnabled=true, conversionStatus=NOT STARTED, conversionInitialTime=Thu Jan 01 03:00:00 AST 1970, conversionFailed=false, conversionFailureMessage=null, conversionNextTime=Thu Jan 01 03:00:00 AST 1970, pollId=0, utilityEnabled=false, currentRumReportID=0, smartAgentRequestHandler=com.cisco.nesla.agent.impl.SmartAgentRequestHandler@64e0f3e, customId=null, location=null, privacy=null, sendRumReportLast=Thu Jan 01 03:00:00 AST 1970, sendRumReportNext=Thu Jan 01 03:00:00 AST 1970, sendRumReportFailed=false, sendRumReportFailedReason=null, exportAuthRequestLast=Thu Jan 01 03:00:00 AST 1970, exportAuthRequestStatus=null, exportAuthRequestFailedReason=null, exportAuthRequestNext=Thu Jan 01 03:00:00 AST 1970, exportAuthReturnLast=Thu Jan 01 03:00:00 AST 1970, exportAuthReturnStatus=null, exportAuthReturnFailedReason=null, exportAuthReturnNext=Thu Jan 01 03:00:00 AST 1970, returnKeyInProcess=[], authorizedFeatures=[], pollDataMap=[]]
2020-09-23 00:05:14,103 DEBUG [DefaultQuartzScheduler_Worker-4][] nesla.agent.impl.manager.KeyStoreManager -::::- writing keystore to: /opt/CSCOcpm/appsrv/apache-tomcat/config/agentStore
2020-09-23 00:05:14,280 INFO [SecureTCPMsgReceiver][] cpm.infrastructure.systemconfig.syslogproc.SecureTCPReceiver -::::- SecureTCPMsgReceiver invoked..
2020-09-23 00:05:14,621 DEBUG [DefaultQuartzScheduler_Worker-4][] nesla.agent.impl.manager.KeyStoreManager -::::- writing keystore to: /opt/CSCOcpm/appsrv/apache-tomcat/config/agentStore
2020-09-23 00:05:14,621 DEBUG [DefaultQuartzScheduler_Worker-4][] nesla.agent.impl.common.Utility -::::- save agent info successful
2020-09-23 00:05:15,133 INFO [pool-234-thread-7][] cpm.es.infra.consumer.ESConsumerService -::::- is Array: true
2020-09-23 00:05:15,133 INFO [pool-234-thread-7][] cisco.cpm.posture.events.PostureMessagesConsumer -::::- Received on queue=SCRIPT-UPLOAD-FAILED, sessionId=c0a84e52000fe0005f6a6558, endpointIP=172.16.130.7, mac=null, os=windows, failureReason=Ips are unreachable
2020-09-23 00:05:15,133 INFO [pool-234-thread-7][] cisco.cpm.posture.events.PostureMessagesConsumer -::::- Calling AgentlessPostureErrorHandler.handleError for sessionId=c0a84e52000fe0005f6a6558
2020-09-23 00:05:15,134 INFO [pool-234-thread-7][] cisco.cpm.posture.runtime.AgentlessPostureErrorHandler -::::- Handle error for sessionId=c0a84e52000fe0005f6a6558, agentlessFlowStatus=Failure
2020-09-23 00:05:15,134 INFO [pool-234-thread-7][] cisco.cpm.posture.runtime.AgentlessPostureErrorHandler -::::- Calling triggerPostureCoA for sessionId=c0a84e52000fe0005f6a6558
2020-09-23 00:05:15,134 DEBUG [pool-234-thread-7][] cisco.cpm.posture.runtime.PostureCoA -::::- entering triggerPostureCoA for session c0a84e52000fe0005f6a6558
2020-09-23 00:05:15,135 DEBUG [pool-234-thread-7][] cisco.cpm.posture.runtime.PostureCoA -::::- Posture CoA is scheduled for session id [c0a84e52000fe0005f6a6558]
2020-09-23 00:05:15,135 DEBUG [pool-234-thread-7][] cisco.cpm.posture.runtime.PostureCoA -::::- Posture status for session id c0a84e52000fe0005f6a6558 is Unknown
2020-09-23 00:05:15,135 DEBUG [pool-234-thread-7][] cisco.cpm.posture.runtime.PostureCoA -::::- No other active sessions found


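Added example, not code from the post or from Cisco ISE: a small Python triage helper that correlates the ISE-PSC.log lines quoted above by endpoint IP and session ID, so that for each endpoint the discovery result, the SCRIPT-UPLOAD-FAILED reason and whether a posture CoA was scheduled are visible in one place. The line format and field regexes are inferred only from the lines in this post; the embedded sample is taken from them.

```python
"""Correlate ISE-PSC.log agentless posture events per endpoint (added example)."""
import re

# Generic ISE-PSC.log line: "<date> <time> LEVEL [thread][] logger -::::- message".
# Inferred from the lines quoted in the post; wrapped continuation lines do not match.
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<level>\w+) \[(?P<thread>[^\]]*)\]\[\] "
                     r"(?P<logger>\S+) -::::- (?P<msg>.*)$")
DISCOVERY_RE = re.compile(r"Execute Discovery task for ip: (?P<ip>[\d.]+), mac: (?P<mac>[0-9A-Fa-f:-]+)")
DISCOVERY_RESULT_RE = re.compile(r"Publishing result for: (?P<ip>[\d.]+)\. Task Status: (?P<status>\w+)")
UPLOAD_FAILED_RE = re.compile(r"Received on queue=SCRIPT-UPLOAD-FAILED, sessionId=(?P<sid>\w+), "
                              r"endpointIP=(?P<ip>[\d.]+), .*failureReason=(?P<reason>.*)$")
COA_RE = re.compile(r"Posture CoA is scheduled for session id \[(?P<sid>\w+)\]")


def _new_endpoint():
    return {"mac": None, "discovery_ok": None, "session_id": None,
            "failure_reason": None, "coa_scheduled": False}


def triage(lines):
    """Return {endpoint_ip: summary} built from discovery, upload-failure and CoA lines."""
    endpoints = {}
    by_session = {}  # sessionId -> ip, so CoA lines (which carry only the session) map back
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # e.g. the wrapped tail of the long licensing DEBUG line
        msg = m.group("msg")
        if d := DISCOVERY_RE.search(msg):
            endpoints.setdefault(d["ip"], _new_endpoint())["mac"] = d["mac"]
        elif r := DISCOVERY_RESULT_RE.search(msg):
            endpoints.setdefault(r["ip"], _new_endpoint())["discovery_ok"] = r["status"] == "true"
        elif f := UPLOAD_FAILED_RE.search(msg):
            ep = endpoints.setdefault(f["ip"], _new_endpoint())
            ep["session_id"], ep["failure_reason"] = f["sid"], f["reason"]
            by_session[f["sid"]] = f["ip"]
        elif c := COA_RE.search(msg):
            if ip := by_session.get(c["sid"]):
                endpoints[ip]["coa_scheduled"] = True
    return endpoints


# Sample input: four lines copied from the ISE-PSC.log excerpt in this post.
SAMPLE_LOG = [
    "2020-09-23 00:05:11,145 INFO [pool-1508-thread-3][] cpm.es.service.posture.ESDiscoveryTask -::::- Execute Discovery task for ip: 172.16.130.7, mac: E4-B3-18-6B-C9-CF, and os: null",
    "2020-09-23 00:05:11,824 INFO [pool-1508-thread-3][] cpm.es.service.posture.ESDiscoveryTask -::::- Publishing result for: 172.16.130.7. Task Status: true",
    "2020-09-23 00:05:15,133 INFO [pool-234-thread-7][] cisco.cpm.posture.events.PostureMessagesConsumer -::::- Received on queue=SCRIPT-UPLOAD-FAILED, sessionId=c0a84e52000fe0005f6a6558, endpointIP=172.16.130.7, mac=null, os=windows, failureReason=Ips are unreachable",
    "2020-09-23 00:05:15,135 DEBUG [pool-234-thread-7][] cisco.cpm.posture.runtime.PostureCoA -::::- Posture CoA is scheduled for session id [c0a84e52000fe0005f6a6558]",
]

if __name__ == "__main__":
    for ip, summary in triage(SAMPLE_LOG).items():
        print(ip, summary)
```

Run it against a full ISE-PSC.log (one line per list element) to see every endpoint whose discovery succeeded but whose script upload still failed, which separates an endpoint-side WinRM problem from a discovery problem.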

1 Reply

joseponceiii
Level 1

Hello, just curious have you successfully implemented RA VPN with agentless posture?