08-25-2021 08:22 AM
Hi
I have multiple Anyconnect connection profiles using ISE for authentication and one profile will not connect and I am seeing ISE servers being marked as failed in the logs. The same ISE servers are being used for all profiles and I can see successful login on ISE console.
The same profile on another ASA is working perfectly with the same users using the same ISE servers.
Thanks in advance
Declan
08-25-2021 08:58 AM
I would start with a "debug radius" and "debug aaa ..." to see if there is any hint on what is going wrong here.
08-25-2021 09:59 AM
Thanks
Here are some logs for successful and failed connection
6 113004 AAA user authentication Successful : server = 10.x.x.x.x : user = myuser
6 113009 AAA retrieved default group policy (ProfileB-VPN) for user = myuser
6 113008 AAA transaction status ACCEPT : user = myuser
6 113004 AAA user authentication Successful : server = 10.x.x.x.x : user = myuser
6 113009 AAA retrieved default group policy (ProfileA-VPN) for user = myuser
2 113022 AAA Marking RADIUS server 10.x.x.x in aaa-server group ISE as FAILED
2 113023 AAA Marking RADIUS server 10.x.x.x in aaa-server group ISE as ACTIVE
aaa debug for the failure and success
Resetting 10.x.x.x's numtries
Resetting 0.0.0.0's numtries
Marking server 10.x.x.x down in servertag ISE
Marking server 10.x.x.y down in servertag ISE
Marking server 10.x.x.x in server tag ISE Up
Marking server 10.x.x.y in server tag ISE Up
AAA_BindServer: No server found
ERROR: No active server found
Resetting 10.x.x.x's numtries
Resetting 0.0.0.0's numtries
Resetting 10.x.x.x's numtries
Nothing obvious in the radius debug, I will need to ensure it is sanitized before I could add it here.
Regards
Declan
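Added example, not written by any poster in this thread: a correlation check over ASA syslog lines in the layout posted above. It flags logins where 113004 and 113009 appear but 113008 ACCEPT never follows before a 113022 FAILED event, and reports which group policy was in play. The sample lines, user name and 192.0.2.10 address are constructed, and treating a missing 113008 as the marker of the failing profile is an assumption drawn from the two sequences in the post.

```python
import re

# Constructed sample in the same "severity id text" layout as the excerpt above.
SAMPLE = """\
6 113004 AAA user authentication Successful : server = 192.0.2.10 : user = alice
6 113009 AAA retrieved default group policy (ProfileB-VPN) for user = alice
6 113008 AAA transaction status ACCEPT : user = alice
6 113004 AAA user authentication Successful : server = 192.0.2.10 : user = alice
6 113009 AAA retrieved default group policy (ProfileA-VPN) for user = alice
2 113022 AAA Marking RADIUS server 192.0.2.10 in aaa-server group ISE as FAILED
2 113023 AAA Marking RADIUS server 192.0.2.10 in aaa-server group ISE as ACTIVE
"""

LINE = re.compile(r"^\s*(\d)\s+(\d{6})\s+(.*)$")
USER = re.compile(r"user = (\S+)")
POLICY = re.compile(r"group policy \((.+?)\)")
SERVER = re.compile(r"RADIUS server (\S+) in aaa-server group (\S+) as FAILED")

def find_stalled_logins(text):
    """Return logins that authenticated (113004) but never reached ACCEPT
    (113008) before a RADIUS server was marked FAILED (113022)."""
    pending = {}   # user -> {"policy": ...} for logins still awaiting 113008
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg_id, body = m.group(2), m.group(3)
        user = USER.search(body)
        if msg_id == "113004" and user:
            pending[user.group(1)] = {"policy": None}
        elif msg_id == "113009" and user and user.group(1) in pending:
            p = POLICY.search(body)
            pending[user.group(1)]["policy"] = p.group(1) if p else None
        elif msg_id == "113008" and user:
            pending.pop(user.group(1), None)   # transaction completed normally
        elif msg_id == "113022":
            s = SERVER.search(body)
            if not s:
                continue
            for name, info in pending.items():
                findings.append({"user": name, "policy": info["policy"],
                                 "server": s.group(1), "group": s.group(2)})
            pending.clear()
    return findings

if __name__ == "__main__":
    for f in find_stalled_logins(SAMPLE):
        print(f)
```

Run against a syslog export, the output narrows the problem to the group policies that stall after authentication, which is where the working and failing profiles can be compared.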
09-03-2023 02:55 AM
Hi
I currently have the same problem