Solved: Why don't I see VPN endpoints in my context visibility?

Josh Morris · ‎10-28-2019

I have just started to use ISE to auth VPN endpoints from my Cisco ASAs. AAA is working beautifully. I see the endpoint come through in the livelog with the Endpoint ID of the public address of the VPN client. I see the client's username. There is no MAC address and no endpoint profile.

When I look in the context visibility for this endpoint, I can't find it. I'm interested in if I see the ACIDEX attributes since I'm using Anyconnect.

Am I missing something on trying to find this endpoint in CV?

howon · ‎10-29-2019

That is correct. I assume RADIUS profiling is enabled on the PSN? I suggest enabling packet capture to see if it is being received. This is example of ACIDEX in the RADIUS accounting:

View solution in original post

howon · ‎10-29-2019

Make sure to enable RADIUS accounting on ASA for the client connection.

Josh Morris · ‎10-29-2019

Thanks, I believe it is based on what I'm seeing. Is this not correct to get accounting info to ISE?

howon · ‎10-29-2019

That is correct. I assume RADIUS profiling is enabled on the PSN? I suggest enabling packet capture to see if it is being received. This is example of ACIDEX in the RADIUS accounting: