cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2205
Views
0
Helpful
2
Replies

anyconnect deployment for cisco ISE 2.4

tamratandarge
Level 1
Level 1

Hi,

I wanted to deploy cisco anyConnect Secure Mobility Client for more than 1000 client machines. however, regarding the Network access profile, Once I configure the profiles using cisco anyconnect NAM, is there a way to centrally push to all the client machines or should I configure on each machine? for example if I have the following access profiles (Wired-PEAP, Wired-EAP_FAST,...) to be available on each machines anyconnect mobility client.

1 Accepted Solution

Accepted Solutions

Colby LeMaire
VIP Alumni
VIP Alumni

Most customers will use something like Microsoft SCCM to push out the Anyconnect software packages and the profiles.  You can also use the ISE Client Provisioning process to update the profiles for NAM.  Just configure your Anyconnect configuration file within Policy->Policy Elements->Results->Client Provisioning.  First upload your profiles there and then configure the Anyconnect configuration file.  In that configuration, select the checkbox for NAM and select the appropriate profile you want to push down.  Your Client Provisioning policy will determine which Anyconnect configuration file applies to which devices.

View solution in original post

2 Replies 2

Colby LeMaire
VIP Alumni
VIP Alumni

Most customers will use something like Microsoft SCCM to push out the Anyconnect software packages and the profiles.  You can also use the ISE Client Provisioning process to update the profiles for NAM.  Just configure your Anyconnect configuration file within Policy->Policy Elements->Results->Client Provisioning.  First upload your profiles there and then configure the Anyconnect configuration file.  In that configuration, select the checkbox for NAM and select the appropriate profile you want to push down.  Your Client Provisioning policy will determine which Anyconnect configuration file applies to which devices.

To add to Colby's response, you can also the traditional GPO push.
Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.