Hi guys.
I'm implementing Cisco ISE at a customer now and I have the following state:
AUTHENTICATION
mab > wired_mab OR wireless_mab > default network protocols > internal endpoints
employee > wired_802.1x OR wireless_802.1x > Radius Server Sequence
Guest > Default network protocols > internal users.
AUTHORIZATION
Guest IF ActivatedGuest Then PermitAccess (vlan L2)
employee_wired_wifi IF Workstation AND (Wireless_802.1X AND Wired_802.1X AND Session:PostureStatus EQUALS Compliant) then PERMIT_ALL_TRAFFIC
employee_pre_compliant IF Workstation AND (Wireless_802.1X AND Wired_802.1X AND Session:PostureStatus NOT_EQUALS Compliant )
And other configurations for smartphones (Android and Apple), for example.
I configured the CLIENT PROVISIONING like this:
employee_win IF any AND windows all AND conditions any Then WebAgent 4.9.0.24
So, this configuration permits the scenario below:
If the employee has the NacAgent software installed, the communication happens and posture initiates.
If the employee doesn't have the NacAgent, they open the Internet browser and the redirect page starts the WebAgent provisioning.
This works. BUT to redirect the user to the provisioning URL, I have to disable the proxy configuration in (Settings > Internet Options > Connections > LAN Settings).
Is there some kind of configuration that permits the redirect to the provisioning URL with an Internet proxy configured?
PS: Also, it does not work when I configure the ISE IP address in "proxy exceptions".
Best Regards