We are configuring ISE posture to be implemented to Anyconnect VPN. Decided to use tunnel-group-name condition to have separate posture policy between tunnel groups, but the issue is the attribute looks to be not working.
I already checked in Live Logs and we are using the correct attributes CVPN3000/ASA/PIX7x-Tunnel-Group-Name then tried (Equals,Matches,Starts,Contains) to our vpn-group name but is failing to work. Checked that vpn-group name sent from ASA to ISE live logs is correct.