Solved: Re: Anyconnect Posture Issue

osman869 · ‎09-25-2023

Hello,

I have ISE 3.2 Patch 3 and I am doing only posture checks on client machines.

IDEAL SCENARIO (Working with most of the machines)

Step 1- Machine Authenticates = Goes to Limited Access VLAN

Step2- User Logs in = Stays in Limited Access VLAN but AC runs and performs the posture check

Step 3- If PC is complaint = COA and PC will change the VLAN

ISSUE:(Random issue on random machines)

Some machines are stuck in step 2 as they stay in the posture test for some time (even for hours). Sometimes I need to reconnect the Wire or enable disbale the WiFi after step 2 to initiate the connection between client's PC and ISE to perform the compliance.

OBSERVATION:

I am not sure but I doubt that after Step 2 the PC lost (anyconnect) its connectivity to ISE. Its very random issue.

Any clue why this is happening.

Greg Gibbs · ‎09-26-2023

Much more detail would be needed to provide any meaningful assistance. You would likely be best pulling a DART bundle from one of the problem PCs when it happens an opening a TAC case to investigate.

View solution in original post

ahollifield · ‎09-27-2023

https://community.cisco.com/t5/security-documents/how-to-ask-the-community-for-help/ta-p/3704356

View solution in original post

Greg Gibbs · ‎09-26-2023

Much more detail would be needed to provide any meaningful assistance. You would likely be best pulling a DART bundle from one of the problem PCs when it happens an opening a TAC case to investigate.

Peter Koltl · ‎09-27-2023

Try another Compliance Module version

ahollifield · ‎09-27-2023

https://community.cisco.com/t5/security-documents/how-to-ask-the-community-for-help/ta-p/3704356