Solved: anyconnect deployment for cisco ISE 2.4

tamratandarge · ‎04-16-2020

Hi,

I wanted to deploy cisco anyConnect Secure Mobility Client for more than 1000 client machines. however, regarding the Network access profile, Once I configure the profiles using cisco anyconnect NAM, is there a way to centrally push to all the client machines or should I configure on each machine? for example if I have the following access profiles (Wired-PEAP, Wired-EAP_FAST,...) to be available on each machines anyconnect mobility client.

Colby LeMaire · ‎04-16-2020

Most customers will use something like Microsoft SCCM to push out the Anyconnect software packages and the profiles. You can also use the ISE Client Provisioning process to update the profiles for NAM. Just configure your Anyconnect configuration file within Policy->Policy Elements->Results->Client Provisioning. First upload your profiles there and then configure the Anyconnect configuration file. In that configuration, select the checkbox for NAM and select the appropriate profile you want to push down. Your Client Provisioning policy will determine which Anyconnect configuration file applies to which devices.

View solution in original post

Colby LeMaire · ‎04-16-2020

Most customers will use something like Microsoft SCCM to push out the Anyconnect software packages and the profiles. You can also use the ISE Client Provisioning process to update the profiles for NAM. Just configure your Anyconnect configuration file within Policy->Policy Elements->Results->Client Provisioning. First upload your profiles there and then configure the Anyconnect configuration file. In that configuration, select the checkbox for NAM and select the appropriate profile you want to push down. Your Client Provisioning policy will determine which Anyconnect configuration file applies to which devices.

Anurag Sharma · ‎04-16-2020

To add to Colby's response, you can also the traditional GPO push.

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.