Re: Issue with authorization for VPN connections

SangLim · ‎10-03-2018

Hello everyone.

I'm running ISE 2.1 patch6 and I'm having some weird issue with authorization for VPN connections.

No matter what I do to the authorization profiles in the policy set for VPN connections, the authorization always falls to denyaccess.

When I look at the authentication details, I can see the user authenticates successfully, but when it comes to matching authorization policy, it goes straight to denyaccess. Weird part is that I don't even have any authorization policy permission set to denyaccess. Even default policy is set to PermitAccess.

In the RADIUS live log, I can see the correct authentication policy, but authorization policy is blank meaning it's not even hitting the default authorization policy.

Has anyone run into this issue?

Aravind Ravichandran · ‎10-03-2018

Please share the vpn policy sets with detailed radius log.

-Aravind

SangLim · ‎10-04-2018

Please see the attached screenshots.

Aravind Ravichandran · ‎10-04-2018

Hi,

There is some policy in exception policy which is meant to check was machine authenticate equals true.

Please share the exception policy as well.

-Aravind

SangLim · ‎10-05-2018

Here's the exception policy

Nidhi · ‎10-03-2018

Looks like an issue with policies configured.

please share the details