cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
configure & troubleshoot anyconnect
159
Views
0
Helpful
2
Replies
Highlighted
Enthusiast

AnyConnect NAM & ActivClient

I am wondering if anyone has come across the following scenario and if so what was your fix:

In some areas of our environment we run NAM on our Win10 workstations to utilize eap-chaining.  The machines use ActivClient as the middleware.  We have noticed that sometimes when users select their PIV (authentication) certificate to use for authentication in an attempt to map their UPN to their AD account that ActivClient & NAM pass the UPN without the extended string.  For example, what I mean by that is if my Sub. Alt. Name UPN is 123456789*121005* (121005 being the additional string) that NAM passes 123456789 to ISE and users are not hitting the proper authz policy because ISE does not see/attempt to map their UPN to AD.  We have ran through a lot of tests and will continue to.  

Here are the versions of everything:

ISE 2.4p5 (moving to patch 6 soon)

NAM 4.6.01103

Tested the following versions of ActivClient (7.1.0.153) (7.1.0.213) (7.1.0244)

 

Any help is appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: AnyConnect NAM & ActivClient

Since this is strictly a NAM issue it looks like then please post to the Anyconnect VPN forum
2 REPLIES 2
Cisco Employee

Re: AnyConnect NAM & ActivClient

Since this is strictly a NAM issue it looks like then please post to the Anyconnect VPN forum
Cisco Employee

Re: AnyConnect NAM & ActivClient

Please do continue on the other post at NAM & ActivClient Issue. If you are unable to provide a DART bundle requested there, then do it through the regular Cisco TAC support process.