12-17-2013 02:17 PM - edited 03-10-2019 09:11 PM
Hey guys and gals,
I need to confirm something. I am new to this but in my current environment we use Cisco anyconnect for posture checking and its using the CTA portion of anyconnect. I want the laptop to pass a posture check without using the CTA. If I add a posture policy to my ACS to look for a file or any registry key would I be able to authenticate on the network without CTA? I would keep CTA in place but I just want to add an addition to the posture policy. Please let me know.
Thanks
12-17-2013 09:19 PM
Wow,
You are going way back! You are using the old nac framework where the CTA is used to relay the tokens/health status of the client. You need CTA since that is client that reports back to ACS on the posture status and if you meet the policy.
See step 4 in the posture validation section on the link below.
http://www.cisco.com/en/US/docs/security/cta/2.1.103.0_supplicant/admin_guide/ctaOver.html
thanks,
Tarik Admani
*Please rate helpful posts*
12-18-2013 06:33 AM
Does that have anything to do with the Network Polices because they show as not active. Only laptops that are joined to the domain is allowed on the network.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide