Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2277
Views
13
Helpful
6
Replies

Secure Network Analytics issue with ISE ANC Integration

davedvo
Level 1
Level 1

‎05-31-2022 02:19 PM

I am unable to manually assign ANC policies to hosts in the Secure Network Analytics Host Report section. When I inspect a specific host and try to assign one at the Host Summary Pane, I am receiving this error:

 

We encountered an error from one or more ISE clusters while retrieving ANC policy information for the host

PFCU_ISE - Session request failed. Please try again or contact technical support if the problem persists.
Select the ANC Policy to apply to ISE cluster for this host: XXX.XXX.XX.XX
ISE Server
PFCU_ISE
Username:
--
MAC:
--
ANC Policy:
Not Available
 Session request failed. Please try again or contact technical support if the problem persists.

Has anyone encountered this issue and have they been able to solve it? I am currently using version :7.4.0 at build: 20210915.1752-1eb7bcbb6a85-1

1 person had this problem
Labels:
0 Helpful
6 Replies 6

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-02-2022 12:26 AM - edited ‎06-02-2022 12:27 AM

I've been having a long standing issue with SNA-ISE integration. In my case it's the session subscription (i.e., username-IP address mapping). I'm also running SNA 7.4.0 with the latest rollup patch. My ISE is 3.1 Patch 1. Other pxGrid subscribers (Cisco Secure Firewall Management Center) are consuming the data from ISE just fine.

I've had a TAC case open for several months now without resolution. The latest status is that it is being escalated to engineering.

davedvo
Level 1
Level 1
In response to Marvin Rhoads

‎06-02-2022 04:34 AM

Hi Good Morning Marvin,

 

I've been able to solve the issue I had previously listed, by upgrading to the latest suggested version of the Secure Network Analytics system. This is 7.4.1 from my older 7.4.0 version, for both the Management Center and the Flow Collector that I have in my deployment. This upgrade could fix the issues with username to IP address mapping, that doesn't show up in host reports. 

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to davedvo

‎06-02-2022 12:11 PM

Thanks for the update. I will upgrade to 7.4.1 and give it a try. I had missed that it was released last month.

0 Helpful

davedvo
Level 1
Level 1
In response to Marvin Rhoads

‎06-02-2022 12:12 PM

Hi Marvin,

 

That's no worries. Glad to help out!

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to davedvo

‎06-06-2022 02:57 AM

Unfortunately upgrading to 7.4.1 over the weekend did not help with my problem. So... we will wait for the TAC to figure it out.

182plus44ava
Level 1
Level 1
In response to Marvin Rhoads

‎02-29-2024 09:08 AM

Hey Marvin,

Did TAC ever resolve this issue?  If so, can you share what the fix was?  I'm having a similar issue when running the TrustSec Analytics report.  I get the error message: "We encountered a system error. If the problem persists, please contact Cisco Support."

0 Helpful
Top