cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

3286
Views
0
Helpful
6
Replies
Highlighted
Beginner

ISE Agent download problems

Dears,

i have Cisco ISE 1.1.1 with patch installed, i am having a problem with downloading the CIsco NAC agent.

when i click on Install Agent, it is giving the attached message. and sometimes activex failed retrying with applet.

The Web agent is running fine, if i install the NAC agent manualy on my laptop, it is working fine, i have tried 3 laptops  with different browser with sames problem.

BR,

Everyone's tags (4)
6 REPLIES 6
Highlighted
Advocate

ISE Agent download problems

Hi,

In your client provisioning policy, try selecting another version of the nac agent and see if that fixes your issue, also try to download the offline agent from cisco.com and upload that agent into the ISE resources section and see if that fixes the issue.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*
Highlighted

ISE Agent download problems

I am also having the same issue. I have modified my dACL to make it work I am just missing something in my Posture remediation ACL.

-CC

Highlighted
Beginner

ISE Agent download problems

Dears,

Actually i tried many NAC agent version, same problem. The offline agent is used to download it directly on the workstation without downloading it from the ISE right?

Christopher, can you please share your DACL, i used the one from the ISE Posture guide.

BR,

Highlighted

ISE Agent download problems

I am going to try and work on narrowing down what it is actually accessing. I also used the gold lab material and it does not work with the downloadable ACL provided. I simply did a PERMTI IP ANY ANY at the end of my dACL and it downloaded the client without issues from my Policy server.

Something is missing.

-CC

Highlighted

Re: ISE Agent download problems

Here is the downloadable ACL for posture I used to get it to work. It needs TCP 8909 to the Posturing nodes.

permit tcp any any eq www

permit tcp any any eq 443

permit tcp any host eq 8443

permit tcp any host eq 8905

permit tcp any host eq 8909

permit tcp any host eq 8443

permit tcp any host eq 8905

permit tcp any host eq 8909

permit udp any any eq domain

permit udp any host eq 8905

permit udp any host eq 8906

permit udp any host eq 8905

permit udp any host eq 8906

permit icmp any any

Original LAB ACL

permit udp any any eq domain

permit icmp any any

permit tcp any host 10.1.100.21 eq 8443

permit tcp any any eq 80

permit tcp any any eq 443

permit tcp any host 10.1.100.21 eq 8905

permit udp any host 10.1.100.21 eq 8905

permit udp any host 10.1.100.21 eq 8906

Highlighted
Cisco Employee

ISE Agent download problems

Ensure that a client provisioning policy exists in Cisco ISE. If yes, verify the

policy identity group, conditions, and type of agent(s) defined in the policy.

(Also ensure whether or not there is any agent profile configured under Policy >

Policy Elements > Results > Client Provisioning > Resources > Add > ISE

Posture Agent Profile, even a profile with all default values.)

• Try reauthenticating the client machine by bouncing the port on the access

switch.

Remember that the client provisioning agent installer download requires the following:

• The user must allow the ActiveX installer in the browser session the first time an agent is installed

on the client machine. (The client provisioning download page prompts for this.)

• The client machine must have Internet access.