Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
3305
Views
15
Helpful
4
Replies

ISE 3.1 Incorrect information in Context Visibility - Endpoints.

Go to solution
taurus1975
Level 1
Level 1

‎10-19-2021 04:39 AM

Hi!

After clients connected via AnyConnect and succesfully passed posture and CoA,

information in Context Visibility - Endpoints about active endpoints is incorrect.

 

Status - "disconnected", but it should be "Connected"

Authorization policy - "Posture Unknown",  but it should be "Posture Comliant" 

 

But in the same time other information is correct IP Address, Compliance status, etc.

In Operations RADIUS Live Sessions also all correct.

 

What could be the problem?

 

ISE 3.1, AnyConnect 4.10.02086, ASA5585 9.12

 

1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎12-19-2021 07:44 PM

See CSCvv30274 Context Visibility shows incorrect Authorization profile and policy for VPN Posture scenario

I've not seen a case with incorrect connection status on VPN sessions, tho.

View solution in original post

4 Replies 4

Go to solution
Arne Bier
VIP
VIP

‎12-16-2021 02:03 PM

Hello @taurus1975 

 

Silly question but, does the VPN concentrator send RADIUS Accounting to ISE? And if so, are Accounting Interim-Updates enabled?

 

Sometimes it's a case of ISE not being able to determine the state of a RADIUS Session, because ISE has not received any acknowledgement from the NAS via RADIUS Accounting requests.

0 Helpful

Go to solution
taurus1975
Level 1
Level 1
In response to Arne Bier

‎12-21-2021 08:28 AM

Yes, Accounting Interim-Updates enabled.

A certain number of endpoints are marked as connected, about 600 out of 4000.

I don’t see the difference between them.

If delete an endpoint and reconnect, it becomes marked as connected for a while(about few days).

All endpoins on screenshot have an ip address and realy connected.

Снимок.JPG
Preview file
96 KB
0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎12-19-2021 07:44 PM

See CSCvv30274 Context Visibility shows incorrect Authorization profile and policy for VPN Posture scenario

I've not seen a case with incorrect connection status on VPN sessions, tho.

Go to solution
taurus1975
Level 1
Level 1
In response to hslai

‎12-21-2021 08:34 AM

Thank you, this is exactly that bug.

0 Helpful
Top