Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1048
Views
0
Helpful
1
Replies

ISE Authorization Policy

steelinquisitor
Level 1
Level 1

‎12-18-2013 10:45 AM - edited ‎03-10-2019 09:12 PM

Hey guys,

I have a question regarding ISE Authorization Policy. In my test lab, I don't have any wired station, and what I have is a wireless lapotp. I have configured to allow only EAP-TLS authentication. Now, my problem is I keep getting "15039 Rejected per authorization profile."

Under the Policy > Authorization, I created a rule where I just want to allow on EAP-TLS either via machine or user identity, and the bottom is the default DenyAccess. When I tried to join the wireless network, I kept getting denied. I checked the ACL counters on the WLC side and it was not increasing.

I changed the default DenyAccess to PermitAccess, and I was able to join the wireless network no problem, and the ACL counters on the WLC side increased.

It seems like I am hitting the default Authorization Policy first which is on the bottom of the authorization policy.

I attached the failed and authenticated logs that I got from ISE.

Has anyone have encoutered this issue?

The version that I have is 1.1.1

Thanks

P.S.

I went back to check my autorization condition, and it is blank (See the 1st screenshot)

Labels:
Preview file
35 KB
Preview file
130 KB
Preview file
34 KB
Preview file
111 KB
0 Helpful
1 Reply 1

Amjad Abdullah
VIP Alumni
VIP Alumni

‎12-18-2013 10:54 PM

Hi,

it is obvious that you are not matching any condition.

rather than keeping the condition blank, fill it with a condition that is always match and try if that helps.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents