Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6218
Views
18
Helpful
4
Replies

ISE Guest Portal - Error Resource not found

Go to solution
Daniel Stefani
Level 1
Level 1

‎03-12-2013 06:33 AM - edited ‎03-10-2019 08:11 PM

Hello,

When I create a guest user through the sponsor portal, then try to login with this guest user through the Guest Portal, after I press login button, the following error message occurs and do not know what to do to solve.

Error: Resource not found.
Resource: /guestportal/

None of the messages on the forum about it helped me to solve the problem.

I am using ISE 1.1.3.124 and this is a new re-image appliance.


Can anyone help?                  

3 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
parcvista
Level 1
Level 1

‎03-13-2013 02:09 AM

I saw another post stated that "

The resource not found error occurs if you go directly to the guest  portal without being redirected from a NAD. This is not a supported flow". The link is  https://supportforums.cisco.com/thread/2153163

Are you access it directly?

Leo

View solution in original post

4 Replies 4

Go to solution
michael.evdokimov
Level 1
Level 1

‎03-13-2013 12:46 AM

I randomly get this when guests try to authenticate via CWA to the guest portal on ISE

0 Helpful

Go to solution
parcvista
Level 1
Level 1

‎03-13-2013 02:09 AM

I saw another post stated that "

The resource not found error occurs if you go directly to the guest  portal without being redirected from a NAD. This is not a supported flow". The link is  https://supportforums.cisco.com/thread/2153163

Are you access it directly?

Leo

Go to solution
harvisin
Level 3
Level 3

‎04-04-2013 09:15 PM

Hello,

As you are not able to  get the guest portal, then you need to assure the following things:-

1) Ensure that the  two  Cisco av-pairs that are configured on the authorization profile should  exactly match the example below. (Note: Do not replace the "IP" with the  actual Cisco ISE IP address.)

–url-redirect=https://ip:8443/guestportal/gateway?...lue&action=cpp

–url-redirect-acl=ACL-WEBAUTH-REDIRECT (ensure that this ACL is also  defined on the access switch)

2) Ensure that the URL redirection portion of the ACL have been applied  to the session by entering the show epm session ip   command on the switch. (Where the session IP is the IP address that is  passed to the client machine by the DHCP server.)

Admission feature : DOT1X

AAA Policies : #ACSACL#-IP-Limitedaccess-4cb2976e

URL Redirect ACL : ACL-WEBAUTH-REDIRECT

URL Redirect :

https://node250.cisco.com:8443/guestportal/gateway?sessionId=0A000A72

0000A45A2444BFC2&action=cpp

3) Ensure that the preposture assessment DACL that is enforced from the  Cisco ISE authorization profile contains the following command lines:

remark Allow DHCP

permit udp any eq bootpc any eq bootps

remark Allow DNS

permit udp any any eq domain

remark ping

permit icmp any any

permit tcp any host 80.0.80.2 eq 443 --> This is for URL redirect

permit tcp any host 80.0.80.2 eq www --> Provides access to internet

permit tcp any host 80.0.80.2 eq 8443 --> This is for guest portal

port

permit tcp any host 80.0.80.2 eq 8905 --> This is for posture

communication between NAC agent and ISE (Swiss ports)

permit udp any host 80.0.80.2 eq 8905 --> This is for posture

communication between NAC agent and ISE (Swiss ports)

permit udp any host 80.0.80.2 eq 8906 --> This is for posture

communication between NAC agent and ISE (Swiss ports)

deny ip any any

Note:- Ensure that the above URL Redirect has the proper Cisco ISE FQDN.

4) Ensure that the ACL with the name "ACL-WEBAUTH_REDIRECT" exists on  the switch as follows:

ip access-list extended ACL-WEBAUTH-REDIRECT

deny ip any host 80.0.80.2

permit ip any any

5) Ensure that the http and https servers are running on the switch:

ip http server

ip http secure-server

6) Ensure that, if the client machine employs any kind of personal  firewall, it is disabled.

7) Ensure that the client machine browser is not configured to use any  proxies.

8) Verify connectivity between the client machine and the Cisco ISE IP  address.

9) If Cisco ISE is deployed in a distributed environment, make sure that  the client machines are aware of the Policy Service ISE node FQDN.

10) Ensure that the Cisco ISE FQDN is resolved and reachable from the  client machine.

11) Or you need to do re-image again.

Go to solution
Andreas Jaeger
Level 1
Level 1
In response to harvisin

‎04-24-2013 03:01 AM

Many of our Users reporting this Issue on our Custom DRW Portal, too.

ISE Version: 1.1.2.145

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents