Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3330
Views
5
Helpful
2
Replies

Anyconnect 4.7 bypassing, networks configured for NAC Agent

Go to solution
raulantoniorz91
Level 1
Level 1

‎09-22-2019 07:43 AM

Hi,

 

I'm installing ISE 2.6 with Anyconnect 4.7 with ISE Posture VPN Posture and Compliance Module 4.3 for posture. But When test PC is connected to NAD, it gets authenticated but Compliance Modue shows message "Byppassing anyconnect scan your network is configured to use Cisco NAC Agent", and ISE shows Pending Posture for this end point.

 

I have configured Posture conditions, policies and there will be no redirection to portal since it is a requirement from end customer, for security non-compliant users should contact IT crew to get Anyconnect instead of download from client privisioning portal because AD policies don't allow to users to install external programs.

 

This is the current configuration

 

Conditions, only to check if there is a McAfee instalation

 

Anotación 2019-09-22 092517.png

Posture requirements

 

Anotación 2019-09-22 092837.pngAnotación 2019-09-22 092944.pngAnotación 2019-09-22 093200.pngAnotación 2019-09-22 093436.pngAnotación 2019-09-22 093551.pngAnotación 2019-09-22 093715.png

Thank you for your help.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎09-22-2019 08:25 AM

Hi, You are checking for version 3.x or earlier of the compliance module in the requirements and posture policy, however you are using version 4.3, change this to version 4.x or later.

 

HTH

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎09-22-2019 08:25 AM

Hi, You are checking for version 3.x or earlier of the compliance module in the requirements and posture policy, however you are using version 4.3, change this to version 4.x or later.

 

HTH

0 Helpful

Go to solution
raulantoniorz91
Level 1
Level 1
In response to Rob Ingram

‎09-22-2019 09:00 AM - edited ‎09-22-2019 09:01 AM

Hi,

Thank you for your help, I needed to move AV condition as AM condition to use it as 4.x version, since AV conditions are available only for 3.x. When applied and shut/no shut to user interface now  Posture Status is "NotApplicable".

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents