Guest

Preview Tool

Cisco Bug: CSCvi84357 - Wrong posture status can be returned by ISE as reply on NG-Discovery probe with enabled post

Last Modified

Aug 08, 2018

Products (1)

  • Cisco Identity Services Engine (ISE) 3300 Series Appliances

Known Affected Releases

2.1(0.905)

Description (partial)

Symptom:
In the deployments (ISE 2.1P5 nd above) where posture lease is enabled and mostly for posture over VPN connections it may be observed intermittently that endpoint is getting 'compliant' status in AnyConnect while session is in 'pending' state on ISE.

Conditions:
- ISE 2.1P5 and later,
- Deployment configured for posture lease
- Endpoint has multiple network adapters,
- First posture is done over Ethernet for example,
- Then user connected to VPN using Wireless adapter as "Public IP"
- User is disconnected,
- Wireless MAC removed from Context Visibility,
- User connects to VPN again over Wireless NIC
- ISE shows that session is pending,
- AC shows compliant to the end user,
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.