Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Security Group Tag, and SGFW

Hi, I'm trying to configure SGFW with ASA 5585-20,

I registered in ISE, and imported pac, matched all shared secret, password. peering with WLC via SXP.

so I got the USER IP and TAG, However, ASA cannot download the environment-data from ISE.

When I enable debug cts all in asa, it says error recieved from ISE.

and on live Authentications on ISE,


Event5405 RADIUS Request dropped
Endpoint Id
Endpoint Profile
Authorization Profile

Authentication Details

Source Timestamp2013-08-08 10:24:06.691
Received Timestamp2013-08-08 10:24:06.691
Policy Serverise
Event5405 RADIUS Request dropped
Failure Reason11303 Could not parse the cts-pac-opaque attribute
ResolutionRefer to the documentation for the client's supplicant to perform a new PAC-provisioning operation.
Root causeThe cts-pac-opaque cisco-av-pair attribute contained in the Secure RADIUS request did not parse.
User Type
Endpoint Id
Endpoint Profile
IP Address
Identity Store
Identity Group
Audit Session Id
Authentication Method
Authentication Protocol
Service Type
Network DeviceASA5585X
Device TypeFirewall#ASA5585X
NAS IP Address172.30.0.1
NAS Port Id
NAS Port TypeVirtual
Authorization Profile
Posture Status
Security Group
Response Time

and, also 5420 SGA Data Download Failed.

does anyone know how to solve this problem ?

I'm usning ASA 9.1, ISE 1.2 official release.

Everyone's tags (6)
New Member

Security Group Tag, and SGFW

I wouldn't expect too much help from cisco on this.

Poorly documented...

New Member

Security Group Tag, and SGFW

Try patching ise with this : ise-patchbundle-

comand: patch install ise-patchbundle-

It fixed my issue.

New Member

This fix my issue too... Tks

This fix my issue too... Tks ThibaultMean