05-17-2018 05:52 PM
I am currently evaluating Meraki MDM integration with ISE using AnyConnect.
The problem only occurs when using an iOS device (iPhone/iPad), and the behavior is as follows.
1. Connect VPN with AnyConnect
2. Access an HTTP web page with Safari (other browsers show the same behavior)
3. Redirected to the ISE MDM portal (ISE IP_ADDRESS), but not redirected to the Meraki MDM portal
Other devices (Windows/Android) are redirected to the Meraki MDM portal at step 3, and can successfully complete registration...
Is there any additional configuration for iOS devices?
Any comments are appreciated.
05-18-2018 07:14 AM
If your ISE is using a self-signed certificate or a private enterprise PKI, we've seen that Apple iOS devices would not open the ISE portal pages. The workaround is to use a CA chain that is in "Lists of available trusted root certificates in iOS" (Apple Support) to sign the ISE portal server certificate for the ISE MDM portal.
If that is not the case, please engage Cisco TAC for further troubleshooting.
05-21-2018 09:37 PM
Hi,
Thank you for your reply.
This workaround is difficult to apply because the environment is an internal lab.
I think another workaround is to import the ISE server certificate into the iOS device and use it.
So, if I directly import the certificate from ISE as a root certificate on the iOS device, does this also resolve my issue?
Best regards,
Sayaka
05-21-2018 09:52 PM
Please try it and let us know if it helps to import the ISE certificate into Apple iOS and explicitly trust it as a root.
If renaming the domain is an option, you may use the same certificate as that in ISE SAW dCloud Demo (Cisco Sales and Partners).
Incidentally, we usually see such issues in our lab pods but not in our alpha network. Thus, it might be due to using an MS AD server as the DHCP and DNS server for the clients.