Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12397
Views
7
Helpful
3
Replies

Anyconnect Posture ISEPostureCFG.xml file

Go to solution
afahmy
Cisco Employee
Cisco Employee

‎03-02-2018 08:57 AM

Hi all

In case redirection is not possible and there is no desire to use the static client provisioning URL, if one wants to create that file manually to insert it in the directory C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\ISE Profile


However, there  is a field <PublicKey> in the file that contains the public key.. i assume this is the public key of the ISE certificate? so should be obtaibale and copied to this file , correct?

please confirm and let me know if this can be one of the methods to configure AC and tell it how to contact ISE without redirection

Thanks,

Ahmed.

2 people had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Network Engineering
Level 1
Level 1

‎03-02-2018 08:03 PM

Hello,

The public key in the ISEPostureCFG.xml file is from the ISE node.  It's not actually a mandatory component of the file.  If you wish to create the ISEPostureCFG.xml manually, you can install the windows anyconnect profile editor suite which contains an app called "ISE posture profile editor".

If you want to do posture without redirection, you'll need to have ISE 2.2 or later and configure the call home list.

View solution in original post

3 Replies 3

Go to solution
Network Engineering
Level 1
Level 1

‎03-02-2018 08:03 PM

Hello,

The public key in the ISEPostureCFG.xml file is from the ISE node.  It's not actually a mandatory component of the file.  If you wish to create the ISEPostureCFG.xml manually, you can install the windows anyconnect profile editor suite which contains an app called "ISE posture profile editor".

If you want to do posture without redirection, you'll need to have ISE 2.2 or later and configure the call home list.

Go to solution
Mark DeLong
Level 4
Level 4

‎10-12-2020 01:49 PM

Ahmed,

 

Were you able to install the posture module profile manually in that folder on a computer and it worked without requiring the client to be redirected to the client provisioning portal? I have yet to hear of anyone doing this and I have a client that also wants to distribute the software and profile to his computers without using ISE. It doesn't seem like there is any official documentation on this method.

 

Thanks!

Mark

0 Helpful

Go to solution
Network Engineering
Level 1
Level 1
In response to Mark DeLong

‎10-12-2020 02:33 PM

The posture module actually requires two things for it to function properly.  There is the posture module for AnyConnect, and there are the compliance definitions.  Both the posture module and the compliance definitions must be installed to sidestep the provisioning portal redirect req (assuming you're on ISE 2.2+ and set the call home list).  In total  you need 3 items:

  1. ISEPostureCFG w/ call home list
  2. Posture module
  3. Compliance definitions
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents