cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

278
Views
0
Helpful
0
Replies
Highlighted
Beginner

Unable to authenticate SSL VPN Web Portal using ISE and RSA

Hi,

After implementing ISE, we are unable to authenticate to the SSL VPN Web Portal using ISE and RSA.

Our setup is as follows, our Cisco 5545-X vpn concentrators make a call to ISE when a user log in, then ISE is a client of our RSA server for radius. In RSA, we show a successful connection but, in ISE we see a rejection.

It appears the issue is ISE related. This is only happening with the web portal. Normal client vpn works successfully. 

Any advice? 

Cisco Identity Services Engine

11001 Received RADIUS Access-Request
  11017 RADIUS created a new session
  15049 Evaluating Policy Group
  15008 Evaluating Service Selection Policy
  15048 Queried PIP - DEVICE.Device Type
  15048 Queried PIP - Radius.NAS-Port-Type
  15006 Matched Default Rule
  15041 Evaluating Identity Policy
  15006 Matched Default Rule
  15013 Selected Identity Source - RSA_RADIUS
  24609 RADIUS token identity store is authenticating against the primary server - RSA_RADIUS
  11100 RADIUS-Client about to send request - RSA_RADIUS
  11101 RADIUS-Client received response - RSA_RADIUS ( Step latency=2054 ms)
  24612 Authentication against the RADIUS token server succeeded - RSA_RADIUS
  24623 User record was cached - RSA_RADIUS
  22037 Authentication Passed
  24423 ISE has not been able to confirm previous successful machine authentication
  15036 Evaluating Authorization Policy
  15048 Queried PIP - Cisco.cisco-av-pair
  15048 Queried PIP - Network Access.EndPointMACAddress
  15048 Queried PIP - EndPoints.LogicalProfile
  15048 Queried PIP - MDM.DeviceRegisterStatus
  15048 Queried PIP - Session.PostureStatus
  15048 Queried PIP - Network Access.EndPointMACAddress
  15048 Queried PIP - EndPoints.LogicalProfile
  15004 Matched rule - Default
  15016 Selected Authorization Profile - DenyAccess
  15039 Rejected per authorization profile
  11003 Returned RADIUS Access-Reject

Everyone's tags (4)