02-13-2018 12:29 AM
Hi Everyone,
I am having some issues with a new solution i am trying to get working. In this specific case i need an FMC to do pxgrid integration with ISE, to get SGT information for my access policy rules. The thing is a expected pxgrid to inform the FMC about changes to a session, such as if a session is re-authenticated and gets a new SGT, FMC should be updated, this does not seem to happen, only when i issue a CoA Disconnect or just disconnect the device and wait for the session to timeout then reconnect does this happen, this unfortunetale is not an option in this scenario.
I am wondering if this is an ISE bug, or maybe some kind of corner case? Seems odd that pxgrid wouldnt update the session subscribers, when a session is given a different authorizatiopn profile after re-authentication.
adi debugging on the FMC, also only shows anything happening when i Coa Disconnect, and not with CoA Reuathentication, i also have connected a pxgrid script based on the pxgrid Java SDK to the ISE, and it also doesn't receive any update for the session unless a CoA Disconnect is issued.
ISE : 2.3 Patch2 (also tested with 2.1 patch2)
FMC/FTD : 6.2.2.1
Regards,
Jan
Solved! Go to Solution.
03-26-2018 07:16 AM
Hey Jan,
True will setup a webex, so we can discuss.
Thanks,
John
03-26-2018 07:16 AM
03-27-2018 04:07 AM
Sounds good, looking forward to it.
Jan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: