AS-Live Log

The document summarizes an authentication failure event in Cisco Identity Services Engine (ISE). Key details include:
- The user "uccxsupervisor" attempting to authenticate from the endpoint with IP address 68.35.193.73 failed authentication.
- The authentication was denied due to the selected authorization profile "DenyAccess" containing an ACCESS_REJECT attribute.
- Additional context provided includes the endpoint profile, identity source, policies evaluated, and attributes returned.

Uploaded by

artead

8/5/2020 Cisco Identity Services Engine

Overview

Event 5400 Authentication failed

Username uccxsupervisor

Endpoint Id 00:0C:29:8A:06:1C

Endpoint Profile Windows10-Workstation

Authentication Policy EmployeeVPNCheck >> Default

Authorization Policy EmployeeVPNCheck >> Default

Authorization Result DenyAccess

Steps

11001 Received RADIUS Access-Request
11017 RADIUS created a new session
15049 Evaluating Policy Group
15008 Evaluating Service Selection Policy
15048 Queried PIP - Cisco-VPN3000.CVPN3000/ASA/PI
15048 Queried PIP - Cisco-VPN3000.CVPN3000/ASA/PI
15041 Evaluating Identity Policy
15013 Selected Identity Source - AAACOOPER
24430 Authenticating user against Active Directory - AAA
24325 Resolving identity - uccxsupervisor
24313 Search for matching accounts at join point - aaaco
24319 Single matching account found in forest - aaacoop
24323 Identity resolution detected single matching accou
24343 RPC Logon request succeeded - uccxsupervisor@
24402 User authentication against Active Directory succe
22037 Authentication Passed
24715 ISE has not confirmed locally previous successful
      user in Active Directory
15036 Evaluating Authorization Policy
24209 Looking up Endpoint in Internal Endpoints IDStore
24211 Found Endpoint in Internal Endpoints IDStore
15048 Queried PIP - CERTIFICATE.Serial Number
15016 Selected Authorization Profile - DenyAccess
15039 Rejected per authorization profile
11003 Returned RADIUS Access-Reject

Authentication Details

Source Timestamp 2020-08-05 08:20:52.57

Received Timestamp 2020-08-05 08:20:52.57

Policy Server DC1ISE01

Event 5400 Authentication failed

Failure Reason 15039 Rejected per authorization profile

Resolution Authorization Profile with ACCESS_REJECT attribute was selected as a result of the matching authorization rule. Check the appropriate Authorization policy rule-results.

Root cause Selected Authorization Profile contains ACCESS_REJECT attribute

Username uccxsupervisor

Endpoint Id 00:0C:29:8A:06:1C

Calling Station Id 68.35.193.73

Endpoint Profile Windows10-Workstation

Authentication Identity Store AAACOOPER

Identity Group Workstation

Audit Session Id 0a5a0c04719a10005f2ab234

Authentication Method PAP_ASCII

Authentication Protocol PAP_ASCII

Network Device dc2asa

Device Type All Device Types#ASA

Location All Locations#Data Centers#DC2

NAS IPv4 Address 10.90.12.4

NAS Port Type Virtual

Authorization Profile DenyAccess

Response Time 17 milliseconds

Other Attributes

ConfigVersionId 77

Device Port 7605

DestinationPort 1645

RadiusPacketType AccessRequest

https://10.0.101.220/admin/liveAuthenticationDetail.do

Protocol Radius

NAS-Port 1905922048

Tunnel-Client-Endpoint (tag=0) 68.35.193.73

CVPN3000/ASA/PIX7x-Tunnel-Group-Name eCspire

OriginalUserName uccxsupervisor

NetworkDeviceProfileId b0699505-3150-4215-a80e-6753d45bf56c

IsThirdPartyDeviceFlow false

CVPN3000/ASA/PIX7x-Client-Type 2

AcsSessionID DC1ISE01/385718999/271196

SelectedAuthenticationIdentityStores AAACOOPER

IdentityPolicyMatchedRule Default

AuthorizationPolicyMatchedRule Default

ISEPolicySetName EmployeeVPNCheck

IdentitySelectionMatchedRule Default

AD-User-Resolved-Identities [email protected]

AD-User-Candidate-Identities [email protected]

AD-User-Join-Point AAACOOPER.COM

AD-User-Resolved-DNs CN=Uccx Supervisor,OU=Cisco,OU=Test Users,OU=AAAUsers,DC=aaacooper,DC=com

AD-User-DNS-Domain aaacooper.com

AD-User-NetBios-Name AAACOOPER

IsMachineIdentity false

UserAccountControl 512

AD-User-SamAccount-Name uccxsupervisor

AD-User-Qualified-Name [email protected]

DTLSSupport Unknown

HostIdentityGroup Endpoint Identity Groups:Profiled:Workstation

IdentityAccessRestricted false

Network Device Profile Cisco

Location Location#All Locations#Data Centers#DC2

Device Type Device Type#All Device Types#ASA

IPSEC IPSEC#Is IPSEC Device#No

RADIUS Username uccxsupervisor

Device IP Address 10.90.12.4

CPMSessionID 0a5a0c04719a10005f2ab234

Called-Station-ID 192.206.238.4

CiscoAVPair mdm-tlv=device-platform=win,
mdm-tlv=device-mac=00-0c-29-8a-06-1c,
mdm-tlv=device-platform-version=10.0.19041,
mdm-tlv=device-public-mac=00-0c-29-8a-06-1c,
mdm-tlv=ac-user-agent=AnyConnect Windows 4.9.00086,
mdm-tlv=device-type=VMware, Inc. VMware Virtual Platform,
mdm-tlv=device-uid=6FDB11F67AE66C2646DC7AD81CE3F9E8E611126D0CC82B8E23AEECBB4185ABAB,
audit-session-id=0a5a0c04719a10005f2ab234,
ip:source-ip=68.35.193.73,
coa-push=true

Result

RadiusPacketType AccessReject

AuthenticationResult Passed

Session Events
