RA-VPN not receiving/enforcing the right Group-Policy sent from ISE

sd-wan_engineer
Level 1

Issue:
After a software upgrade on the FW, the VPN session is not receiving the right Group-Policy from ISE.
Even when ISE gets all the information of the user from AD (no change here), the authorization policy that was matching before is not matching anymore.

We have 4 locations, all with FTD-FMC and using certificate and RADIUS authentication.
There is one location that has upgraded the firewalls and manager to 7.4.2.1-30, and now the VPN is not working well.
We are having issues when trying to assign a different group policy to a user where the group policy contains a different client profile (XML) to the one used to connect in the first instance.

We think there is a bug in the new software that is preventing the firewall from overwriting the VPN session.
Firewall:
Firepower 2110 with FTD 7.4.2.1
FMC 7.4.2.1.30



1 Reply

Does the authorization request make it to ISE? If so, what do you see on ISE logs?
