This might not be the appropriate place for this question but I am hoping someone else has had a similar issue. We have our Cisco WLC and ISE integrated using our Active Directory for the Idenity Store. I have create a profile for the iPads that has the Root CA for our internal Domain and I am able to deploy it without issue and the user puts in their username/password and they are able to connect. The problem I am having is when the password is changed for the end user, example my password expired and I changed it using my windows 7 laptop. Now the iPad has the old password stored and it will not let me connect. We are in the process of changing over from Free Radius as our authentication method for Wireless and when the same scenario occurs with the FreeRadius server the iPad will prompt for the password after it fails authentication. From what I could tell ISE didn't do this. We are using PEAP and from the setup I have found that on a PEAP connection failure for Authenticaton there is only reject, does this mean that ISE will always reject the connection if invalid credentials are supplied?
I don't believe there is a way on the iPad to put in new credentials unless you "Forget" the network, and from what I can tell this is not possible if the Network was install with a profile, therefore the only option is to remove the profile. Now how does the end user get the profile if they have no connection to the network? Is there a way for ISE to see that the user is valid but the password isn't and prompt back to the iPad for the correct password?
I know why the authentication fails, the password stored on the iPad is not correct because the user has had to change the AD password due to expiration. Since this is a failed login and we are using PEAP, will ISE only reject the connection with no communication back to the supplicant/iPad?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...