
Cisco ISE VPN posture with ASA

M.Jallad
Level 1

Hi,

We have an ISE 1.4 deployment in which we are doing posture assessment for VPN users connecting through ASA version 9.3(3). Users are connecting normally, and authentication and authorization are done successfully; however, when the NAC agent pops up, the AnyConnect VPN client disconnects and the following message appears:

"The secure gateway has terminated the VPN connection.
The following message was received from the secure gateway: COA initiated"

How could we keep the CoA initiation from disconnecting the VPN client?

Appreciate your help,

Best Regards,

Muayad Jallad,

3 Replies

M.Jallad
Level 1

Hi,

Just wanted to update that the problem was resolved successfully; it was TACACS command authorization defined on the ASA that was preventing the DACL from being configured on the ASA, which was triggering the AnyConnect VPN termination.

It was resolved after configuring a device administration authorization policy on ACS to give ISE authorization on the ASA.

Best Regards,

Muayad Jallad,

santiago.jem
Level 1

Hello Muayad,

May I ask if this has affected all or just one of your AnyConnect users?

I have a similar issue but just on one user.

Any advice is greatly appreciated.

Thank you.

Jem

snicklas
Level 4

Not using ACS, it's all ISE/RADIUS now in this environment, but the dACL was originally imported from ACS. The dACL that ISE pushes to the ASA for the VPN session needs to use subnet mask format instead of wildcard format for dACL lines that reference networks.
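Added example, not part of any post in this thread and not Cisco code: a pre-flight check that finds wildcard-format masks in dACL lines and rewrites them in subnet mask format, as the last reply describes. The function names, the plain `permit/deny ... address mask` line layout and the sample line are assumptions made for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF

def quad(tok):
    """Return a dotted-quad token as a 32-bit int, or None if it is not one."""
    try:
        return int(ipaddress.IPv4Address(tok))
    except ValueError:
        return None

def contiguous(m):
    """True when m is 1-bits followed only by 0-bits, i.e. a subnet mask."""
    inv = ~m & FULL
    return (inv & (inv + 1)) == 0

def classify(m):
    if m in (0, FULL):
        return "ambiguous"   # legal in both notations; review by hand
    if contiguous(m):
        return "netmask"
    return "wildcard" if contiguous(~m & FULL) else "invalid"

def fix_line(line):
    """Rewrite wildcard masks in one dACL line; return (new_line, findings)."""
    toks, out, findings, i = line.split(), [], [], 0
    while i < len(toks):
        nxt = toks[i + 1] if i + 1 < len(toks) else ""
        if toks[i] == "host" or quad(toks[i]) is None or quad(nxt) is None:
            # Keyword, "host A" (no mask follows) or lone address: copy as-is.
            step = 2 if toks[i] == "host" else 1
            out += toks[i:i + step]
            i += step
            continue
        kind = classify(quad(nxt))
        if kind == "wildcard":
            fixed = str(ipaddress.IPv4Address(~quad(nxt) & FULL))
            findings.append(f"wildcard {toks[i]} {nxt} -> {fixed}")
            nxt = fixed
        elif kind != "netmask":
            findings.append(f"{kind} mask {toks[i]} {nxt}")
        out += [toks[i], nxt]
        i += 2
    return " ".join(out), findings

# Constructed sample line, not taken from the thread.
SAMPLE = "permit ip any 10.10.0.0 0.0.255.255"
if __name__ == "__main__":
    print(fix_line(SAMPLE))
```

Masks of 0.0.0.0 and 255.255.255.255 are reported as ambiguous rather than rewritten, because they are valid in both notations with opposite meanings.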
