Cisco Bug: CSCuq32696 - PSN removes removes proxy-state attributes from IPN
Jun 09, 2016
- Cisco Identity Services Engine
Known Affected Releases
Symptom: Topology: VPN client <-> ASA <-> IPEP <-> PSN (proxy) <-> external RADIUS. IPEP is proxying Radius requests from the ASA to the PSN and hence inserts a proxy state attribute in request. PSN configured in proxy mode and doing authentication against external RADIUS server hence inserts another proxy state attribute. When reply is received from external RADIUS PSN must remove own proxy state attribute before passing it back to IPEP, instead it removes both own and IPEP proxy attributes, hence authorization on IPEP fails. Conditions: ISE VPN IPEP deployment with PSN configured in proxy mode.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases