Guest

Preview Tool

Cisco Bug: CSCut59117 - ISE Cisco-VPN3000 Attributes missing and inconsistent

Last Modified

Jul 22, 2016

Products (1)

  • Cisco Identity Services Engine (ISE) 3300 Series Appliances

Known Affected Releases

1.2(0.899) 1.2(1.198) 1.3(0.876)

Description (partial)

Symptom:
There are a few VPN3000 Cisco VSA attributes that are either missing or inconsistent on ISE.
The attribute ID on ISE should match with the ID's specified at http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ref_extserver.pdf and http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/aaa-radius.html#32985

Conditions:
Using Cisco VSA VPN3000 attributes on ISE.
eg of some attributes
In ACS
CVPN3000/ASA/PIX7.x-SVC-Download-Ask ID is 131
In ISE
CVPN3000/ASA/PIX7.x-Partition-Premise-Router ID is 131

In ACS
CVPN3000/ASA/PIX7.x-SVC-Download-Ask-Timeout ID 132
In ISE

CVPN3000/ASA/PIX7.x-Partition-Max-Sessions ID 132

in ACS 
CVPN3000/ASA/PIX7.x-IPSec-Proxy-PAC-URL ID 133
in ISE
CVPN3000/ASA/PIX7.x-Partition-Mobile-IP-Key ID 133

in ACS
CVPN3000/ASA/PIX7.x-Strip-Realm ID 135
in ISE
CVPN3000/ASA/PIX7.x-Strip-Realm ID 136 Change of ID

in ACS
CVPN3000/ASA/PIX7.x-WebVPN-Smart-Tunnel ID 136
In ISE
It no longer exists
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.