Cisco Bug: CSCut40643 - AC NAM: 3.1.7021 eap-fast PAC Provisioning SSL handshake fails with ISE
Mar 15, 2016
- Cisco AnyConnect Secure Mobility Client
Known Affected Releases
Symptom: Clients connecting to ISE via AC 3.1.07021 using EAP-FAST and PAC sometimes successfully authenticate (AUTH C), ISE recognizes the PAC as expired and falls back to Anonymous PAC provisioning. After the PAC provisioning finishes, the client attempts to SSL handshake with the new PAC and there is a client failure and the client passes a ENCRYPTION ALERT back to ISE. ISE recognizes the handshake failure and the client session fails AUTH Z. Conditions: EAP-FAST PAC Provisioning from ISE AC NAM v 3.1.07021 Authentications (AUTH C) are sucessfull, PAC is expried, PAC is repovisioned handshake failure from client.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases