Cisco Bug: CSCvi80253 - ISE 2.1 ANC returns Access-Reject for VPN with IP as Endpoint ID

Last Modified

Oct 03, 2018

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.1(0.474) 2.1(0.905)

Description (partial)

Symptom:
The VPN AuthZ policy set returns Access-Reject even though we are expecting Access-Accept. This includes the default rule: when it is matched by default with a Permit Access result, ISE still sends back Access-Reject.

Conditions:
VPN legacy authentications from ASA to ISE contain:
[61] NAS-Port-Type - value: [Virtual] 
[26] cisco-av-pair - value: [coa-push=true]

and no attributes indicating the MAC address of the client, such as MDM-TLV:Device-Mac-address

AND

ANC policy configured with Quarantine exception is enabled