Hi, I'm trying to configure SGFW with ASA 5585-20,
I registered in ISE, and imported pac, matched all shared secret, password. peering with WLC via SXP.
so I got the USER IP and TAG, However, ASA cannot download the environment-data from ISE.
When I enable debug cts all in asa, it says error recieved from ISE.
and on live Authentications on ISE,
OverviewEvent | 5405 RADIUS Request dropped | Username | | Endpoint Id | | Endpoint Profile | | Authorization Profile | |
|
Authentication DetailsSource Timestamp | 2013-08-08 10:24:06.691 | Received Timestamp | 2013-08-08 10:24:06.691 | Policy Server | ise | Event | 5405 RADIUS Request dropped | Failure Reason | 11303 Could not parse the cts-pac-opaque attribute | Resolution | Refer to the documentation for the client's supplicant to perform a new PAC-provisioning operation. | Root cause | The cts-pac-opaque cisco-av-pair attribute contained in the Secure RADIUS request did not parse. | Username | | User Type | | Endpoint Id | | Endpoint Profile | | IP Address | | Identity Store | | Identity Group | | Audit Session Id | | Authentication Method | | Authentication Protocol | | Service Type | | Network Device | ASA5585X | Device Type | Firewall#ASA5585X | Location | DJ | NAS IP Address | 172.30.0.1 | NAS Port Id | | NAS Port Type | Virtual | Authorization Profile | | Posture Status | | Security Group | | Response Time | |
|
and, also 5420 SGA Data Download Failed.
does anyone know how to solve this problem ?
I'm usning ASA 9.1, ISE 1.2 official release.