cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

ise 2.6 redirect URL isssue

1551
Views
0
Helpful
5
Comments

Question

hello all , i have a issue about the ise 2.6 redirect url, when i finish ise configuration and try to web auth, what i got  shown as below:

Redirect URL : https://ip:port/portal/gateway?mac=ClientMacValue&portal=27041710-2e58-11e9-98fb 0050568775a3&daysToExpiry=value&action=cwa

the ip:port is not avaliable for me, i require the domain and port 8443, like : test.com:8443, is there any configuration missing on ise or what? thanks!

Answer

 

Comments
Check if you have defined static IP in your authorization profile Policy > Policy Elements > Results > Authorization > Authorization Profiles. Under authorization policy Look for the attribute Static IP/Hostname
Beginner
hello nishad


thanks for you reply. follow your guide, i got the domain in url. but how to made port is 8443 ?? thanks


Redirect URL : https://test.com:port/portal/gateway?mac=ClientMacValue&portal=27041710-2e58-11e9-98fb-0050568775a3&action=cwa




regards
mike.co

It seems you are doing it wrong, it should come automatically there once you select portal in your authorization Policy , In your authorization Policy you have to select web redirection and then select appropriate portal. Read this and you might get the logic

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/117620-configure-ISE-00.html

 

Go to respective portal and click on test URL you will get complete URL.

Beginner
hi Nishad

Thanks for you reply.

i do select the web redirection and prototal in my authorization policy. and i choose static ip/host name/FQDN attribute, i think the url in this profile is fine. i check the link you provided, the url has the same pattern, the port still is port and not be replaced by 8443.

rediect url=https://test.com:port/portal/gateway?mac=ClientMacValue&portal=27041710-2e58-11e9-98fb-0050568775a3&action=cwa

so i guess the issue is when ise send this message to switch, it seems that the value of port and client mac are not replaced. the ise version what i using is 2.6. when i used ise version 2.4, i url result was fine. so i'm not sure what difference between these two version, maybe i need to configure something else on ise 2.6 somewhere?? or maybe i need to install any extra license?? do you have any idea. thanks !!


regards
mike
Beginner

Hello,

 

I do have the same issue, ISE 2.6 patch 3, url redirect port missing for client provisioning portal.

 

cisco-av-pair = url-redirect-acl=WEB_REDIRECT_ACL
cisco-av-pair = url-redirect=https://10.50.32.5:port/portal/gateway?sessionId=SessionIdValue&portal=6852b5f0-6c3c-11ea-95b2-96024cae91df&action=cpp