cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

103
Views
5
Helpful
2
Replies

Anyconnect 4.7 bypassing, networks configured for NAC Agent

Hi,

 

I'm installing ISE 2.6 with Anyconnect 4.7 with ISE Posture VPN Posture and Compliance Module 4.3 for posture. But When test PC is connected to NAD, it gets authenticated but Compliance Modue shows message "Byppassing anyconnect scan your network is configured to use Cisco NAC Agent", and ISE shows Pending Posture for this end point.

 

I have configured Posture conditions, policies and there will be no redirection to portal since it is a requirement from end customer, for security non-compliant users should contact IT crew to get Anyconnect instead of download from client privisioning portal because AD policies don't allow to users to install external programs.

 

This is the current configuration

 

Conditions, only to check if there is a McAfee instalation

 

Anotación 2019-09-22 092517.png

Posture requirements

 

Anotación 2019-09-22 092837.pngAnotación 2019-09-22 092944.pngAnotación 2019-09-22 093200.pngAnotación 2019-09-22 093436.pngAnotación 2019-09-22 093551.pngAnotación 2019-09-22 093715.png

Thank you for your help.

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advisor RJI VIP Advisor
VIP Advisor

Re: Anyconnect 4.7 bypassing, networks configured for NAC Agent

Hi, You are checking for version 3.x or earlier of the compliance module in the requirements and posture policy, however you are using version 4.3, change this to version 4.x or later.

 

HTH

2 REPLIES 2
VIP Advisor RJI VIP Advisor
VIP Advisor

Re: Anyconnect 4.7 bypassing, networks configured for NAC Agent

Hi, You are checking for version 3.x or earlier of the compliance module in the requirements and posture policy, however you are using version 4.3, change this to version 4.x or later.

 

HTH

Re: Anyconnect 4.7 bypassing, networks configured for NAC Agent

Hi,

Thank you for your help, I needed to move AV condition as AM condition to use it as 4.x version, since AV conditions are available only for 3.x. When applied and shut/no shut to user interface now  Posture Status is "NotApplicable".