Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
725
Views
0
Helpful
2
Replies

Anyconnect 3.1.11004 - NAM - wrong credentials

mukka
Level 1
Level 1

‎10-22-2015 07:33 AM - edited ‎02-21-2020 08:31 PM

I am trying to deploy the EAP chain authentication with user and machine certificate. 

User credentials are ok, but the machine credentials are wrong.

 

NAM - Editor - Anyconnect configuration:

    Machine credential:

    Protected Identity Pattern: host/[username].[domain]

 

    ISE has used the right credetials for authenticantion:

       host/machine_name.domain

    But during the authorization, I can see the ISE server using the wrong informations: 

       host/domain

 

anyone already faced it ?

 

thanks,

Murilo

Labels:
0 Helpful
2 Replies 2

Robert Jankowski
Level 1
Level 1

‎10-22-2015 07:34 AM

Do you have Anyconnect attempting to establish the connection before the user logs in? If so, I believe there would be no username associated so the machine would attempt to log in with it's own machine account instead of waiting for the user login.

0 Helpful

mukka
Level 1
Level 1
In response to Robert Jankowski

‎10-23-2015 01:04 PM

Hi Robert,

I tried to configure the machine authentication with EAP_TLS and it works. 

         I can see host/machinename.domain

 

When I tried the authentication with EAP_CHAIN (tunnel EAP Fast + Authentication EAP_TLS) it is not working properly.

      1. I have the authetication success. User and Machine credetials OK

 

      2. In the authorization, user is ok too, but the machine credential is wrong. 

      I expected host/machinename.domain. But the machine credentials comes as host/domain

 

thanks,

Murilo

0 Helpful
Customers Also Viewed These Support Documents