Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
595
Views
0
Helpful
1
Replies

ISE classifying LAN connected VPN device MDM DeviceRegisterStatus: false

Go to solution
Evanjrosado
Level 1
Level 1

‎11-19-2019 06:58 AM

Ever since deploying ISE 2.4 patch 9 with ASA to offer AnyConnect RAVPN services to BYOD users by checking against MDM/AirWatch for AD group membership and AirWatch device registration status we have had continuous issues with ISE reporting DeviceRegisterStatus equals false mainly for LAN connected users over the VPN. WLAN connected users over the VPN usually don't have issues. Cisco TAC wanted us to bounce the external MDM account in ISE by removing the currently defined external MDM source in ISE and then adding it again to see if ISE will utilize MDM v2 to perform queries instead of MDM v1. We want ISE to utilize UDID when making a query to AirWatch on an endpoint instead of MAC address.

 

Has anyone run into this issue before? I'm going to test this in the lab today and will report back my findings. 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎12-07-2019 12:53 PM

I've NOT heard of such issue before. Please ask TAC to escalate if needed.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
hslai
Cisco Employee
Cisco Employee

‎12-07-2019 12:53 PM

I've NOT heard of such issue before. Please ask TAC to escalate if needed.

0 Helpful
Customers Also Viewed These Support Documents