Guest

Preview Tool

Cisco Bug: CSCvv34188 - ISE DOC: In guest flow, posture only supports temp agent and not anyconnect

Last Modified

Sep 03, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.6(0.901)

Description (partial)

Symptom:
Need to configure Anyconnect for Guest users. The Guest users need to be compliant before getting network access.
++ In customers environment we see the Client provisioning flow is not coming up when Guest compliance settings feature is enabled under a normal self registered guest portal
++ The guest user is given direct network access without the part of installation of AnyConnect.
++ We reproduced the same in the lab on ise 2.4 version. The same behavior is seen as seen in the customers environment.
++ The feature works fine when Temporal agent is used but not when Anyconnect is used
Deployment details: Single node
Symptoms (Error messages):
In the Guest flow when we reach the part of Device security Check we should get the window of "Download anyconnect " on the portal but it is not seen
++ Post IP refresh and renew, direct network access is given


Seems like this feature has never been tested on ISE earlier.

Trigger: Customer was using Temporal agent and was working fine. But for more conditional checks they wanted to incorporate AnyConnect and noticed it does not work with AC.


++ Restored Customers backup on same ISE version
++ Reproduced in the lab

As informed by DE and BU team:
In guest flow, posture only supports temp agent. 

Not mentioned in the document:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/admin_guide/b_ise_admin_guide_26/b_ise_admin_guide_26_chapter_01111.html#concept_4C3040517158421DB606B3E1CFB9D8E6

Conditions:
In Guest flow, posture with Anyconnect guest compliance.

Temporal agent only supported
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.