Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1861
Views
0
Helpful
5
Replies

URL feed not accessible in ISE

Go to solution
alan
Level 1
Level 1

‎03-03-2017 11:27 AM - last edited on ‎03-25-2019 05:35 PM by Community Manager

Background

I have build an ISE server, and domain as VM's in a lab environment for study purposes.

The active directory DC acts as a DNS server, and both the single ISE server and DC have full internet access (DNS, web browsing on both devised are confirmed as working).

When I try to update ISE Client provisioning service packages from Cisco (Policy > Results > Client Provisioning > Resources > Add > Agent Resources from Cisco Site) , or when I try to update the posture (Administration > System > Settings > Posture > Updates) I get the error below.

-----

Connection to the remote site has failed. Verify that the remote site is available and/or related ISE administration settings are correct.
-------
Running a packet capture on an upstream firewall I can see that www.perfigo.com is resolved to an IP address (74.217.77.52), I then see an attempted connection to this IP over tcp/443, this attempt retires 2 additional times and times out.
So it appears that the URL isn't accessible by me.
when I try to connect to the https://74.217.77.52 URL via a browser I don't get anything, nor can I see an open port via nmap or connecting via telnet.
I'm trying to determine if this feed still exists and should I be able to use it? Is this some localised issue to me.
I am running ISE v2.1
The feed address I am using is as below.
3 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-04-2017 03:33 AM

The site should be working for client provisioning. I just tried and succeeded in downloading a resource from Cisco via my lab ISE GUI.

For posture updates I'm seeing an error on my lab ISE as well. It's on ISE 2.1 Patch 3.

I know these were working as recently as a couple of weeks ago when I was working on a customer's production deployment.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-04-2017 03:33 AM

The site should be working for client provisioning. I just tried and succeeded in downloading a resource from Cisco via my lab ISE GUI.

For posture updates I'm seeing an error on my lab ISE as well. It's on ISE 2.1 Patch 3.

I know these were working as recently as a couple of weeks ago when I was working on a customer's production deployment.

0 Helpful

Go to solution
alan
Level 1
Level 1
In response to Marvin Rhoads

‎03-05-2017 02:21 AM

Thank you for the response Marvin,

I'll keep trying and may build a new environment to see if the issue continues on a new install.

I'll check my patch level and do another pcap to see what happens.

0 Helpful

Go to solution
alan
Level 1
Level 1
In response to alan

‎03-14-2017 10:08 AM

Tried it again last night and the updates worked without any changes being made from my side.

I can only assume there was an issue on the service.

Case closed.

0 Helpful

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni
In response to alan

‎03-14-2017 10:15 AM

You are not alone in this problem :) I had this happen a few times to me last month, only for it to start working a while later. Looks like the perfigo site that this is hosted on, keeps going down frequently.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to alan

‎03-14-2017 09:13 PM

I brought this up with a Cisco ISE TME during Cisco Live and he thought they were changing over the site's certificate infrastructure and may have had some issues in that regard.

0 Helpful
Customers Also Viewed These Support Documents