11-16-2019 04:13 AM
Hi Experts,
We are moving away from NAC Agent to Cisco AnyConnect.
There is this weird behaviour that we are seeing: AnyConnect is running the posture check twice.
Once, when it's in limited access and checks if the endpoint is compliant or not, then reports it as compliant.
So, as per the policy, a compliant endpoint should get a production IP address through a VLAN change, so it waits for the new IP address to be assigned; when it's assigned, the posture check happens again.
Ideally, after reporting the endpoint as compliant, the IP change should happen immediately, which is not the case here.
I have also tweaked the wait timers and DHCP release and renew timers from the client profile.
Has anyone seen this issue before? Or is it working as designed?
11-16-2019 04:33 AM
11-24-2019 09:54 PM
Yes, have increased it to 25 seconds and still there is no change in the posture running twice.
We are working with a TAC and he has captured LAN traffic from the endpoint, distribution server and DHCP server to further analyse it.
Will post an update soon.