Ciclic Web Login Page doing Ext Web Auth in ISE Server
I have a problem trying to make external web authentication with an ISE server. I am using the following devices and scenary.
Foreign-Anchor WLC Scenary:
1 WLC 5500 as a Foreign
1 WLC 5500 as an Anchor
1 Asa 5505
1 Internet Cisco Router
1 ISE as a Ext Web Auth Server
1 Core Switch 4500
Anchor WLC is also configured as a DHCP server to give Ip address for wireless guests.
I have configured EoIP successfully between both WLCs and all permissions are given in the firewall, wireless guest can receive ip address from Anchor WLC and load the web login page from ISE server successfully.
I also have created a guest user and the credentials in the sponsor portal from ISE.
When I am trying to get access via a wireless laptop pc I am receiving the web page correctly and entering the credentials I can see I have been authenticated on the ISE server but when I want to navigate on internet I am asked again for entering credentials, this happen again and again. I am setting an access list in the Anchor WLC to make pre-authentication but I don´t see any match on it.
What do I have to configure to avoid this and get access to internet once authenticated?. I want to make LWA instead of CWA.
I want to share I was able to fix the issue described before. My problem was in the rules created on ISE server. All the wireless clients can be authenticated correctly and navigate through internet as a guest client making LWA and redirection.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...