02-27-2018 10:03 PM
Hi all, customer is trying to use Anyconnect posture module for posture. ISE 2.3 in use. Anyconnect package and compliance module uploaded on ISE (client provisoining steps are all done the same way done in lab successfully before many many times!),..so what happens is Authentication succeeds and end user is able to access client provisioning portal (via static FQDN) but the client is not actually downloaded and instead user is given compliant status right away once they hit the start button !!!
if try to download AC manually it won't see ISE server although redirect rules are in place on switch and are working on other PCs where NAC agent is installed (note this is a fresh PC with no NAC agent installed before Anyconnect). Configured call home list on ISE but of course Anyconnect is not able to download the configuration from ISE because it can't see it. The DACL is currently permit any any. So it can't be the reason communication is failing.
has anybody seen this before? Is there a way to install ISEPostureCFG.xml on the PC with the manual install of Anyconnect ?
Solved! Go to Solution.
02-28-2018 01:10 AM
Yes. Exactly. It just give me internet access without installing the client.
I have to delete the client provisioning rules and reconfigure that rule.
And it works like magic.
Regards,
Sai
02-27-2018 11:03 PM
Please see this information in the AC Admin guide
02-27-2018 11:15 PM
Thanks but I don’t know how that helps ?
I have a specific issue I’m trying to solve
Sent from my iPhone
02-27-2018 11:24 PM
02-27-2018 11:32 PM
Thank Danny, you’re focusing only on the last part of the question.
My main question is whether someone has experienced this behavior before where the end user gets to the client provisioning portal, hits start but the AC package doesn’t download and they are instead provided compliant status immediately without installing the client.
02-27-2018 11:41 PM
Will do some research and follow up..
02-28-2018 12:46 AM
Hi Afahmy,
I have faced that issue a few weeks ago in my lab environment. I was testing to migrate NAC to Anyconnect.
Following are some issue that i've encounter,
You can pre install anyconnect software in your machine and AC will download your AC configuration and compliance module once you connect to network or you could do a manually provisioning.
Hope you could get something from this.
Regards,
Daniel Sai
02-28-2018 12:58 AM
Sami
Did it give you compliant WITHOUT installing the client ?
Thanks
Ahmed
Sent from my iPhone
02-28-2018 01:10 AM
Yes. Exactly. It just give me internet access without installing the client.
I have to delete the client provisioning rules and reconfigure that rule.
And it works like magic.
Regards,
Sai
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide