Cisco Employee

Switching from stealth to hidden and back

Hello Everyone,

I am working on a customer request where they have SOE devices with VPN and posture hidden. However, the requirement now is that users who are part of a group in AD should see the VPN client, i.e. the VPN client should not be hidden for them, whereas the posture client will still be in stealth mode.

Also, moving forward, if the user is moved from that AD group then the VPN client + posture module should be changed back to the original state, i.e. both hidden/stealth.

Please let me know if someone has done something similar.

As per my understanding, if we do the client provisioning with an AD group check as the condition, then we can push a config profile (let's say show.cfg for the VPN client and a stealth.xml profile for posture). This will be for the set of users who want the VPN available for their use.

Below that, we can create another rule where we will not match the AD group check and we will push a config file (let's say hide.cfg for the VPN client and a stealth.xml profile for posture). This will be for all other users.

Please suggest if this looks good or am I missing something.

Best Regards,

Rajat Sharma

Accepted Solutions
Cisco Employee

Re: Switching from stealth to hidden and back

Yes, that should work. You will need two separate AnyConnect profiles and map them to two different client provisioning policy rules.

Cisco Employee

Re: Switching from stealth to hidden and back

Thank you for your response earlier. It worked the way I thought, but it is not end-user friendly, as the user has to log off/restart the machine to kick the changed profile.