cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
778
Views
0
Helpful
8
Replies

Issues with ISE Guest Portal Redirection Over WLC When Using Explicit

Carl-in-lux
Level 1
Level 1

Hello

We've successfully enabled the ISE Guest Portal on our WLC, and it works well with PCs until we apply explicit proxy settings. After configuring the proxy, the guest portal no longer appears; instead, the PC tries to access the proxy server, bypassing the ISE redirection.

We attempted a workaround by adding our domain (portal.company.com and *.company.com) to the proxy's exceptions list, but the PC continues to prioritize the proxy server.

Any advice on how to ensure the guest portal is accessed before the proxy intervention?

Thanks for your insights.

1 Accepted Solution

Accepted Solutions

Carl-in-lux
Level 1
Level 1

Hi,

I finally found the solution to get the redirection to work with the explicit proxy.
i had to add this Microsoft's redirect url in the proxy bypass :
"www.msftconnecttest.com/*"

View solution in original post

8 Replies 8

marce1000
VIP
VIP

 

              - If the proxy settings are applied on the PC , isn't that normal ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

It is normal in a standard situation, but it must be dealt with when using redirection for web authentication.

balaji.bandi
Hall of Fame
Hall of Fame

just thinking this use case try  to use WPAD File rather Manually configuring the Proxy, also you can use DHCP Options (if that works).

https://www.cisco.com/c/en/us/td/docs/security/web_security/connector/connector3000/WPADAP.html

or in the browser proxy exception URL add that local domain which you like to directly.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I've done the exception, but i think the actual problem is that ISE redirection is overwritten by the proxy. So the client is never redirect to the ISE Portal. If i type the portal address manually i can get to it.

Does proxy does know how to reach that URL ?

 If i type the portal address manually i can get to it. (using the Proxy settings ?)

This required some troubleshoot and understand the flows - where it dropping ? when the user authenticate, do you see request in Proxy  going to redirect URL ? is this denied or allowed ?

how is your proxy configured for authentication ? 

 

may be check this guide can help you :

https://ciscocustomer.lookbookhq.com/iseguidedjourney/ise-manage-on-my-device-portal

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thank you for providing the link.

It appears to be an issue related to architecture.

Setting up an explicit proxy causes the PC to attempt connection with the proxy server prior to interacting with the ISE Captive Portal, regardless of bypass settings for local and ISE URLs. The PC persists in trying to connect to the proxy server.

However, authentication with the ISE Captive Portal is required before the PC can establish a connection to the proxy server.

A potential solution might be to configure the proxy as a transparent proxy operating at the VLAN level.

Carl-in-lux
Level 1
Level 1

Hi,

I finally found the solution to get the redirection to work with the explicit proxy.
i had to add this Microsoft's redirect url in the proxy bypass :
"www.msftconnecttest.com/*"

This was recent change in Microsoft - as soon as you connect to network, its check with the domain mentioned connect.txt that where all the issue started, once we do the same outlook other stuff start work too.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help