Hi, I'm trying to configure SGFW with ASA 5585-20,
I registered in ISE, and imported pac, matched all shared secret, password. peering with WLC via SXP.
so I got the USER IP and TAG, However, ASA cannot download the environment-data from ISE.
When I enable debug cts all in asa, it says error recieved from ISE.
and on live Authentications on ISE,
Overview| Event | 5405 RADIUS Request dropped | | Username | | | Endpoint Id | | | Endpoint Profile | | | Authorization Profile | |
|
Authentication Details| Source Timestamp | 2013-08-08 10:24:06.691 | | Received Timestamp | 2013-08-08 10:24:06.691 | | Policy Server | ise | | Event | 5405 RADIUS Request dropped | | Failure Reason | 11303 Could not parse the cts-pac-opaque attribute | | Resolution | Refer to the documentation for the client's supplicant to perform a new PAC-provisioning operation. | | Root cause | The cts-pac-opaque cisco-av-pair attribute contained in the Secure RADIUS request did not parse. | | Username | | | User Type | | | Endpoint Id | | | Endpoint Profile | | | IP Address | | | Identity Store | | | Identity Group | | | Audit Session Id | | | Authentication Method | | | Authentication Protocol | | | Service Type | | | Network Device | ASA5585X | | Device Type | Firewall#ASA5585X | | Location | DJ | | NAS IP Address | 172.30.0.1 | | NAS Port Id | | | NAS Port Type | Virtual | | Authorization Profile | | | Posture Status | | | Security Group | | | Response Time | |
|
and, also 5420 SGA Data Download Failed.
does anyone know how to solve this problem ?
I'm usning ASA 9.1, ISE 1.2 official release.
