Lab Minutes Forum

Technical Discussion => Security => Topic started by: adecisco on November 28, 2013, 11:35:36 PM

Title: ISE PROJECT SO FAR
Post by: adecisco on November 28, 2013, 11:35:36 PM
So far we keep moving forward on the project. Wired and guest services policies configuration are completed. Wireless in the roadmap as there are no wireless infrastructure.

But here is the current issues with WSUS remediation. DACL permitted WSUS server and remediation is meant to be automatic but NAC agent reports can't reach WSUS.

Further troubleshooting show ISE can reach WSUS. A pointer or client will be of help..

Thanks.
Title: Re: ISE PROJECT SO FAR
Post by: MC on November 29, 2013, 11:21:46 PM
You can try to relax the DACL to make sure the client can reach WSUS server during remediation. Last resort would be running packet capture on the client port and see if there is actually any traffic to WSUS server.
Title: Re: ISE PROJECT SO FAR
Post by: adecisco on November 30, 2013, 12:55:03 AM
Packet capture will be a way to go because the server is permitted in dacl and deny in racl. Is there any where I can get video that demonstrate wsus remediation? Any help will be helpful.
SimplePortal 2.3.7 © 2008-2024, SimplePortal