Hello guys
John and Balazs - did you figure this out eventually? I'm unable to find this bug-id in any of the 6.6 patches or the 6.5.x patches. I'm assuming then that the bug is still in effect.
Is there other ways to do this without the need for a bounce to trigger the CoA correctly?
6.6.0 introduced some new features in relation to Cisco ASA. Did this help this issue in any way?
ClearPass 6.6 is now able to extract the auth-session-id from CiscoAVPair VSA to use in Change of Authorization (CoA). The username value is now used as the key when creating or querying a session in a multi-master session cache. This makes it possible to send a CoA when the Calling-Station-ID value includes the IP address format. To use this feature, in Policy Manager go to Configuration > Enforcement > Profiles, copy the default [Cisco - Terminate Session] profile, and modify it to include the Cisco-AVPair attribute. For more information on configuration, testing, and troubleshooting, refer to the Policy Manager 6.6 User Guide. (#17812)
* Cisco ASA requires the audit Session ID in the RADIUS Change of Authorization (CoA) message. ClearPass extracts the audit-session-id from the VPN RADIUS authentication message. There are new properties to cache the Cisco-AVPair with the value that contains the audit-session-id. These properties can be used to cache any custom attribute that contains the particular value. (#24403)