cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

291
Views
0
Helpful
3
Replies
Highlighted
Cisco Employee

ISE Result - Customized Error Message On AnyConnect

ISE experts,

My customer has the following AuthZ rule in ISE:

If Cisco-VPN3000:CVPN3000/ASA/PIX7.x-Tunnel-Group-Name=internal + authentication is EAP-TLS, then permit.  If an employee uses AnyConnect with their personal device without a valid client certificate, the end user sees the “Certificate Validation Failure”.  Please see screen capture below.

Is it possible for ISE to have AnyConnect display another message such as: “AnyConnect has detected that this machine is out of compliance”?

AnyConnect.jpg

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ISE Result - Customized Error Message On AnyConnect

Unfortunately, no.  ISE doesn't play a roll in the AnyConnect messaging for VPN authentication.  If AnyConnect were doing posture assessment, then you would have the ability to customize the posture messaging to the end user.

Regards,

-Tim

3 REPLIES 3
Cisco Employee

Re: ISE Result - Customized Error Message On AnyConnect

Unfortunately, no.  ISE doesn't play a roll in the AnyConnect messaging for VPN authentication.  If AnyConnect were doing posture assessment, then you would have the ability to customize the posture messaging to the end user.

Regards,

-Tim

Cisco Employee

Re: ISE Result - Customized Error Message On AnyConnect

Thanks for getting back to me Tim!

Enthusiast

Re: ISE Result - Customized Error Message On AnyConnect

Hi, sure, you can customize Anyconnect client error messages on ASA via ASDM.

Regards,

Laci,.