Cisco Bug: CSCut40643 - AC NAM: 3.1.7021 eap-fast PAC Provisioning SSL handshake fails with ISE

Last Modified

Mar 15, 2016

Products (1)

  • Cisco AnyConnect Secure Mobility Client

Known Affected Releases

3.1(7021) 4.0(2039)

Description (partial)

Symptom:
Clients connecting to ISE via AC 3.1.07021 using EAP-FAST and PAC sometimes successfully authenticate (AUTH C); ISE recognizes the PAC as expired and falls back to Anonymous PAC provisioning. After the PAC provisioning finishes, the client attempts an SSL handshake with the new PAC, the handshake fails on the client, and the client passes an ENCRYPTION ALERT back to ISE. ISE recognizes the handshake failure and the client session fails AUTH Z.

Conditions:
EAP-FAST
PAC Provisioning from ISE
AC NAM v 3.1.07021
Authentications (AUTH C) are successful, PAC is expired, PAC is reprovisioned, handshake failure from client.