Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
919
Views
0
Helpful
3
Replies

MDM portal redirection issue

Go to solution
sayokada
Cisco Employee
Cisco Employee

‎05-17-2018 05:52 PM

I am currently evaluating Meraki MDM integration with ISE using AnyConnect.

The problem only occurs when using iOS device (iPhone/iPad), and the behavior is following.

1. Connect VPN with AnyConnect

2. Access HTTP web page by Safari (other browsers showing same behavior)

3. Redirect to ISE MDM portal (ISE IP_ADDRESS), but does not redirect to Meraki MDM portal

Other devices (Windows/Android) are redirecting to Meraki MDM portal at step 3, and can successfully make registration...

Are there any additional configuration for iOS devices?

Any comments are appreciated.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎05-18-2018 07:14 AM

If your ISE is using a self-signed or private enterprise PKI, we've seen Apple iOS devices would not open the ISE portal pages. The workaround is to use a CA chain that is in Lists of available trusted root certificates in iOS - Apple Support to sign the ISE portal server certificate for the ISE MDM portal.


If that is not the case, please engage Cisco TAC for further troubleshooting.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
hslai
Cisco Employee
Cisco Employee

‎05-18-2018 07:14 AM

If your ISE is using a self-signed or private enterprise PKI, we've seen Apple iOS devices would not open the ISE portal pages. The workaround is to use a CA chain that is in Lists of available trusted root certificates in iOS - Apple Support to sign the ISE portal server certificate for the ISE MDM portal.


If that is not the case, please engage Cisco TAC for further troubleshooting.

0 Helpful

Go to solution
sayokada
Cisco Employee
Cisco Employee
In response to hslai

‎05-21-2018 09:37 PM

Hi,

Thank you for your reply.

This workaround is  difficult to apply because the environment is in Internal Lab.

I think, the another workaround is to import ISE server cert into iOS device and use it

So If I directly import certificate from ISE as a root certificate for iOS device.

Does this also resolve my issue?

Best regards,

Sayaka

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to sayokada

‎05-21-2018 09:52 PM

Please try and let us know if it helps to import ISE certificate to Apple iOS and explicitly trust it as root

If renaming the domain is an option, you may use the same certificate as that in ISE SAW dCloud Demo (Cisco Sales and Partners).

Incidentally, we usually see such issues in our lab pods but not in our alpha network. Thus, it might be due to using MS AD server as the DHCP and DNS for the clients.

0 Helpful
Customers Also Viewed These Support Documents