ISE WebAgent not able to download with error Failed to download Cisco Agent ( Status = -2) !

sachin.sg · ‎05-04-2013

Hi

We are able to get till WebAgent download page and while downling WebAgent we get below error...

Failed to download Cisco Agent ( Status = -2) ! . We tried with many laptops and for all we get same error while downloading the WebAgent ...

We also verified Latest Java & ActiveX components available on every laptops which we used for downloading WebAgent..

Attached the Screenshot of the WebAgent Download process

DACL Posture_Remediation used is as below

permit udp any any eq domain

icmp any any

permit tcp any host <PSN IP Address> eq 8443

permit tcp any any eq 80

permit tcp any any eq 443

permit tcp any host <PSN IP Address> eq 8905

permit tcp any host <PSN IP Address> eq 8909

permit udp any host <PSN IP Address> eq 8905

permit udp any host <PSN IP Address> eq 8906

permit tcp any host < Remediation Server> eq 80

Even we add permit ip any host <PSN IP Address> ,as last acl rule in DACL , still we were getting same error while downloading ...

Did any face the same issue , how it was resolved

Jatin Katyal · ‎05-04-2013

This is seen when the required traffic is not allowed on the ACL.

ISE 1.1.1 added ports 8909 TCP and UDP for client download so we needed to add this into the Posture ACL.

permit tcp any any eq 8909

permit udp any any eq 8909

If you have clients with proxy failing to get the redirection then you should add 8080 to the switch.

ip http port 8080

ip port-map http port 8080

On the redirect ACL

permit tcp any any eq www

permit tcp any any eq 443

permit tcp any any eq 8080

I see you've already tried with permit ip any host

Jatin Katyal

- Do rate helpful posts -

~Jatin