Guest

Preview Tool

Cisco Bug: CSCup64248 - ISE 1.2 wrong live sessions number for VPN clients behind NAT

Last Modified

Feb 27, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

1.2(0.906) 1.3(0.566)

Description (partial)

Symptom:
The ISE displays wrong number of active sessions.
The ISE displays and counts only one live session for all the VPN users connecting to a VPN device with the same source IP - from behind NAT.
The ISE displays and counts only one live session for all the telnet/SSH users connecting to a device with the same source IP - from behind NAT.

Conditions:
Multiple VPN users, e.g. AnyConnect users, connecting to a single VPN device.
All the users have the same source IP, e.g. they are in one office with PAT in place.
The calling-station-id sent by the VPN device to the ISE is the public IP address and is the same for all the users.

OR

Multiple users are connecting to a network device with telnet / SSH from a single source IP, e.g from terminal server, or from behind NAT/PAT.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.