No redirection to ISE Posture Portal

abkadour
Level 1

Dear community,

I'm configuring Posture with client provisioning. When the user tries to connect to the network, he is successfully authenticated, but he is not being redirected to the redirect URL. When I try to manually enter the URL in different browsers, I get the portal to download the AnyConnect resources. Here is the DACL that I use for the authorization profile:

# permit udp any eq bootpc any eq bootps

# permit udp any any eq domain

# permit icmp any any

# permit tcp any host < ISE_Node> eq 8443

# permit tcp any host < ISE_Node> eq 8905

# permit udp  any host < ISE_Node> eq 8905

For the Redirect ACL on the switch Catalyst 2960X-15.2.7:

# deny udp  any eq bootps any

# deny udp any any eq bootpc

# deny udp any eq bootpc any

# deny udp any any eq domain

# deny udp any host <ISE_Node> eq 9805

# deny tcp any host <ISE_Node> eq 9805

# deny udp any host <ISE_Node> eq 8443

# permit tcp any any eq www

# permit tcp any any eq 443

On the switch, I can see that it is applying the DACL and ACL and giving the URL redirect.

Any help please!!

9 Replies

@abkadour

Can I see the output of "show license"?

I'm actually using an evaluation license.

Keep in mind that the LAN Lite model does not support features like CoA or DACLs.

It's a Catalyst switch 2960X, so I suppose it's the LAN Base model. Can you please give the link to refer to?

It's WS-C2960X-48FPS-L, it's the LAN Base model, so I think it supports DACL and redirection.

Are the ACL and DACL correct?

Try to deny the port 443 only for ISE

# deny tcp any <ISE> eq 443

Keep the permit for everything else

permit tcp any any eq 443

"deny udp any host <ISE_Node> eq 8443" this line is wrong and it has to be replaced with "deny tcp any host <ISE_Node> eq 8443", ISE portal runs on port 8443 in TCP not UDP. Try to change that and see if it fixes the issue.
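
The protocol mismatch pointed out in the last reply can be caught mechanically. The following is an added example, not code from any poster in this thread: it compares the ISE-bound `permit` entries of the DACL with the ISE-bound `deny` (do not redirect) entries of the redirect ACL. It assumes that `192.0.2.10` stands in for `<ISE_Node>` and that every protocol/port the DACL permits toward ISE should have a matching `deny` in the redirect ACL.

```python
import re

# Constructed sample input: the two ACLs as posted in the thread, with the
# <ISE_Node> placeholder replaced by a documentation address (assumption).
ISE = "192.0.2.10"
DACL = """
permit udp any eq bootpc any eq bootps
permit udp any any eq domain
permit icmp any any
permit tcp any host 192.0.2.10 eq 8443
permit tcp any host 192.0.2.10 eq 8905
permit udp any host 192.0.2.10 eq 8905
"""
REDIRECT_ACL = """
deny udp any eq bootps any
deny udp any any eq bootpc
deny udp any eq bootpc any
deny udp any any eq domain
deny udp any host 192.0.2.10 eq 9805
deny tcp any host 192.0.2.10 eq 9805
deny udp any host 192.0.2.10 eq 8443
permit tcp any any eq www
permit tcp any any eq 443
"""

# Matches only the "<action> <proto> any host <ip> eq <port>" form used above.
ACE = re.compile(r"^(permit|deny)\s+(tcp|udp)\s+any\s+host\s+(\S+)\s+eq\s+(\d+)$")

def ise_entries(acl_text, action, ise_ip):
    """Return {(proto, port)} for ACEs with this action whose destination is ise_ip."""
    found = set()
    for line in acl_text.splitlines():
        m = ACE.match(line.strip().lstrip("# "))  # tolerate the "# " prefix
        if m and m.group(1) == action and m.group(3) == ise_ip:
            found.add((m.group(2), int(m.group(4))))
    return found

def lint(dacl, redirect_acl, ise_ip):
    """Diff ISE-bound permits in the DACL against ISE-bound denies in the redirect ACL."""
    allowed = ise_entries(dacl, "permit", ise_ip)
    exempt = ise_entries(redirect_acl, "deny", ise_ip)
    return {
        "permitted_but_not_exempt": sorted(allowed - exempt),
        "exempt_but_not_permitted": sorted(exempt - allowed),
    }

if __name__ == "__main__":
    print(lint(DACL, REDIRECT_ACL, ISE))
```

An empty result in both lists means the two ACLs agree on protocol and port for every ISE-bound entry.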