
The right ACL-POSTURE-REDIRECT in ISE

r.mohannad
Level 1

I have an issue with ACL-POSTURE-REDIRECT when downloading the NAC agent. I got the right page to download and install the agent from the access switch. However, I got error status-2 when trying to download the agent. The initial ACL was as follows:

ip access-list extended ACL-POSTURE-REDIRECT
 deny udp any any eq domain
 deny udp any host "ISE_IP" eq 8905
 deny udp any host "ISE_IP" eq 8906
 deny tcp any host "ISE_IP" eq 8443
 deny tcp any host "ISE_IP" eq 8905
 permit ip any any

Then I modified it to be like this:

ip access-list extended ACL-POSTURE-REDIRECT
 deny udp any any eq domain
 deny ip any host "ISE_IP"
 permit ip any any

The second access list did work for me, but not all the time!! So which access list should I apply?

Thanks

1 Reply

bhthapa
Level 1

This issue applies to user sessions during the client provisioning phase of authentication. Possible causes: the client provisioning resource policy could be missing required settings.

Ensure that a client provisioning policy exists in Cisco ISE. If yes, verify the policy identity group, conditions, and type of agent(s) defined in the policy. (Also ensure whether or not there is any agent profile configured under Policy > Policy Elements > Results > Client Provisioning > Resources > Add > ISE Posture Agent Profile, even a profile with all default values.)

• Try reauthenticating the client machine by bouncing the port on the access switch.
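To compare the two ACL-POSTURE-REDIRECT versions from the question, the following added example (not part of the thread and not Cisco code) evaluates both with first-match logic over constructed flows and lists the flows they treat differently. It assumes the usual access-switch redirect-ACL semantics, where "deny" exempts traffic from redirection and "permit" makes it subject to redirection; the address 192.0.2.10 and port 9999 are constructed placeholders.

```python
ISE = "192.0.2.10"            # constructed stand-in for the post's "ISE_IP"
NAMED_PORTS = {"domain": 53}  # IOS port keyword used in both ACLs

FIRST = """
deny udp any any eq domain
deny udp any host "ISE_IP" eq 8905
deny udp any host "ISE_IP" eq 8906
deny tcp any host "ISE_IP" eq 8443
deny tcp any host "ISE_IP" eq 8905
permit ip any any
"""
SECOND = """
deny udp any any eq domain
deny ip any host "ISE_IP"
permit ip any any
"""

def parse(acl_text):
    """Parse '<action> <proto> any (any | host X) [eq <port>]' entries."""
    rules = []
    for line in acl_text.strip().splitlines():
        tok = line.split()
        action, proto = tok[0], tok[1]  # tok[2] is the source, 'any' in every entry
        if tok[3] == "host":
            dst, rest = tok[4].replace('"ISE_IP"', ISE), tok[5:]
        else:
            dst, rest = None, tok[4:]   # destination 'any'
        port = None
        if rest[:1] == ["eq"]:
            port = NAMED_PORTS[rest[1]] if rest[1] in NAMED_PORTS else int(rest[1])
        rules.append((action, proto, dst, port))
    return rules

def verdict(rules, proto, dst, port):
    """First match wins. Assumed semantics: deny = bypass, permit = redirect."""
    for action, r_proto, r_dst, r_port in rules:
        if r_proto in ("ip", proto) and r_dst in (None, dst) and r_port in (None, port):
            return "bypass" if action == "deny" else "redirect"
    return "bypass"  # implicit deny at the end of an IOS ACL

# Constructed sample flows: (protocol, destination, destination port)
FLOWS = [("udp", "198.51.100.53", 53), ("tcp", ISE, 8443), ("tcp", ISE, 8905),
         ("udp", ISE, 8906), ("tcp", ISE, 9999), ("tcp", "203.0.113.80", 80)]

def differing(flows=FLOWS):
    """Return (flow, first_verdict, second_verdict) where the ACLs disagree."""
    a, b = parse(FIRST), parse(SECOND)
    return [(f, verdict(a, *f), verdict(b, *f)) for f in flows
            if verdict(a, *f) != verdict(b, *f)]
```

Calling differing() returns only the flow to the ISE address on a port the first ACL does not list: the first version leaves it subject to redirection, the second exempts it.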
