Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
938
Views
0
Helpful
0
Replies

ISE CWA redirection problem

Amr Abdelsalam
Level 1
Level 1

‎11-14-2017 04:42 AM - edited ‎02-21-2020 10:38 AM

Dears ,

i am doing CWA on ISE 2.2  , and when the client connects and opens a web browser and the redirection page opens only in firefox and sometimes IE  , opens as a link and the guest login page doesnt open , and in chrome it says there is a security problem

https://ise.ise-lab.com:8555/portal/gateway?sessionId=C0A8010B0000009604C7B82E&portal=ceeeeff2-c7ab-11e7-9c9d-000c29cfc6ca&action=cwa&token=fa316e4d886f7762c521341e69dea061
1.jpgmy ise config are

2.jpg3.jpg4.jpg
the switch show command is 

SW-AlexHQ#show authentication sessions

Interface MAC Address Method Domain Status Session ID
Gi1/0/23 b499.bae5.e7e5 mab DATA Authz Success C0A8010B0000009604C7B82E

SW-AlexHQ#show authentication sessions int gig 1/0/23
Interface: GigabitEthernet1/0/23
MAC Address: b499.bae5.e7e5
IP Address: 192.168.1.38
User-Name: B4-99-BA-E5-E7-E5
Status: Authz Success
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: N/A
ACS ACL: xACSACLx-IP-pre-auth-dacl-5a084e0c
URL Redirect ACL: redirect
URL Redirect: https://ISE.ise-lab.com:8555/portal/gateway?sessionId=C0A8010B0000009604C7B82E&portal=ceeeeff2-c
7ab-11e7-9c9d-000c29cfc6ca&action=cwa&token=fa316e4d886f7762c521341e69dea061
Session timeout: N/A
Idle timeout: N/A
Common Session ID: C0A8010B0000009604C7B82E
Acct Session ID: 0x00000098
Handle: 0xD0000097

Runnable methods list:
Method State
mab Authc Success
dot1x Not run


ISE config on the switch are |
aaa group server radius ISE-GROUP
server name ISE
!
aaa authentication login default enable
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting dot1x default start-stop group radius

aaa server radius dynamic-author
server-key 7 1511021F0725
dot1x system-auth-control
dot1x test timeout 90
dot1x critical eapol
interface GigabitEthernet1/0/23
switchport mode access
ip access-group list-1 in
history BPS
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab

ip http server
ip http secure-server
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 3
radius-server retransmit 2
radius-server timeout 3
radius-server deadtime 30
radius-server key 7 0822455D0A16
radius-server vsa send accounting
radius-server vsa send authentication
radius-server load-balance method least-outstanding ignore-preferred-server
!
radius server ISE
address ipv4 192.168.1.66 auth-port 1812 acct-port 1813
key 7 121A0C041104
ip access-list extended redirect
permit tcp any any eq www
permit tcp any any eq 443


PLEASE , ASSIST ME

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents