I have been messing around with some VPN AuthN and AuthZ using Cisco ISE and Microsoft NPS as RADIUS Token vs RADIUS External server. I've noticed that since I switched to this Token or External sequence, I no longer see any events in the RADIUS live logs, even though a Wireshark clearly shows the VPN appliance sending RADIUS requests to ISE, and then ISE forwarding those requests to NPS.
Just wondering if you think this is expected when using RADIUS token or external? Or maybe I have a bug and need to talk with TAC?
In both cases you should see Live Logs in ISE.
In the case of Token Servers, I have one use case where I use Token Servers (PSN loopback address as Token Server) to restrict access to ISE MyDevices portals (using a clever little trick) - it shows up in Live Logs.
Do you see the response from the NPS server back to ISE in the Wireshark? And BTW, with your External Server sequence, do you use ISE to perform Authorization? Perhaps that's the reason you don't see it in Live Logs - if ISE is just a proxy then there's nothing for ISE to do really (other than forward the request to another RADIUS server) - it's been a while since I have done a pure proxy setup - in most cases I use ISE to perform AuthZ too - and I can confirm that I see this in the Live Logs (ISE 2.7).
Hi @Arne Bier,
I have seen this issue on ISE, Live logs not showing anything and you must restart the node to get Live Logs working again.
There's also the following bug (not sure if it's relevant to your situation)
Well, my two cents on that topic: be careful when dealing with RADIUS Server Sequence.
Once configured, if you touch it, it stops working; you have to destroy/recreate the sequence to make it work again (OR reboot everything).