Solved: AnyConnect Maintenance

Krzysztof Grabowski · ‎05-26-2017

Hi,

I have a few questions regarding AnyConnect software maintenance in ISE wired/wireless deployment. Could you please help me with the following:

What is the recommended way to keep AnyConnect (NAM and ISE Posture modules in my case) up to date on endpoints: use ISE CPP or SCCM system?
Must AnyConnect client have ISE Posture module installed and connect properly with regular posture URL redirect in order to update AnyConnect software and XML profiles for different modules? (I don't see any other method for endpoint to discover and connect to PSN apart from using Posture module).
If one deploys AnyConnect with NAM and ISE Posture Module using ISE Client Provisioning Portal with user redirect, does the initial install of AC require administrator's privileges?
Once AnyConnect is installed, do the AC updates (whenever client re-connects to the network) require user to have administrator's privileges?

Cheers,

Chris

hslai · ‎05-28-2017

It's up to you and the customers. Either would work.
The endpoints need a way to discover the ISE PSN. ISE 2.2 introduces using the friendly URL of ISE client provisioning portal to perform such web deploy.
Yes, it needs admin privileges if AC not yet installed.
Nope.

hslai · ‎05-28-2017

It's up to you and the customers. Either would work.
The endpoints need a way to discover the ISE PSN. ISE 2.2 introduces using the friendly URL of ISE client provisioning portal to perform such web deploy.
Yes, it needs admin privileges if AC not yet installed.
Nope.

Krzysztof Grabowski · ‎05-29-2017

Cheers,

Chris

--

Christopher Grabowski

NETWORK CONSULTING ENGINEER

CCIE Security #42466

cgrabows@cisco.com

Phone: +48 12 321 2007

Mobile: +48 539 907 308

..:|:..:|:.. www.cisco.com