Tuesday, November 9, 2021

Cisco ISE Posture - ASA VPN

Howdy!

I’m trying to set up a PoC for posture compliance over Cisco AnyConnect VPN (via Cisco ASA) for a customer.

I’ve got it set up in ISE so that if the posture status of the VPN client is “unknown” it redirects them to the default portal and uses an ACL I created on the ASA that looks like this:

Deny any domain (allows DNS)
Deny any ISE (allows access to ISE)
Permit any web (Denies any web traffic)

When I connect to the VPN, it doesn’t install the posture agent and check my compliance. I just get restricted based on the ACL listed above.

Is there something else I’m missing here? I’ve uploaded the AnyConnect and Compliance module to ISE, and set up the policy to install it, but nothing is working.

Any help would be much appreciated.
