Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1599
Views
10
Helpful
3
Replies

Cisco AnyConnect on-connect script trigger via ISE

Go to solution
rashish135@yahoo.co.in
Level 1
Level 1

‎07-04-2022 11:02 PM

Hi
We are using Cisco AnyConnect with posture check via Cisco ISE.

 

Now we want to run some Windows scripts for AnyConnect users post connecting VPN and completing posture check.

 

Please guide how we can configure ISE to triggers script with COA.

 

Regards

Ashish Shah

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pavagupt
Cisco Employee
Cisco Employee
In response to rashish135@yahoo.co.in

‎07-06-2022 12:19 AM

Hello Ashish Shah,
i am still unclear on "trigger the script from ISE during COA". However, i am giving the possibilities from ISE.
1. You can run scripts (on Windows, Powershell scripts can be used whereas on SHELL scripts on macOS) as part of remediation starting from ISE 3.1 onwards. You can refer to Posture Script Remediation for more details on this.
2. In upcoming release ISE 3.2 onwards, Administrator can run a script as a Posture condition to check against Windows, macOS and Linux (PowerShell, SHELL and SHELL respectively) OS along with existing native Posture AM/Process/registry/file..etc checks. Currently ISE 3.2 is running in beta version and you can refer more details about Posture script condition

3. The Endpoint Scripts Wizard in 3.0+ allows you to run scripts on connected endpoints to carry out administrative tasks that comply with your organization’s requirements. This includes tasks such as uninstalling obsolete software, starting or terminating processes or applications, and enabling or disabling specific services.

View solution in original post

3 Replies 3

Go to solution
rashish135@yahoo.co.in
Level 1
Level 1

‎07-05-2022 09:15 PM

Hi

Thanks for the reply. But this is not I am looking for. 

 

We have logon script and posture enabled. But when user login to AnyConnect script start running before posture check complete.

 

So we want to trigger the script from ISE during COA and i am looking for calling script in ISE.

 

Regards

Ashish Shah

0 Helpful

Go to solution
pavagupt
Cisco Employee
Cisco Employee
In response to rashish135@yahoo.co.in

‎07-06-2022 12:19 AM

Hello Ashish Shah,
i am still unclear on "trigger the script from ISE during COA". However, i am giving the possibilities from ISE.
1. You can run scripts (on Windows, Powershell scripts can be used whereas on SHELL scripts on macOS) as part of remediation starting from ISE 3.1 onwards. You can refer to Posture Script Remediation for more details on this.
2. In upcoming release ISE 3.2 onwards, Administrator can run a script as a Posture condition to check against Windows, macOS and Linux (PowerShell, SHELL and SHELL respectively) OS along with existing native Posture AM/Process/registry/file..etc checks. Currently ISE 3.2 is running in beta version and you can refer more details about Posture script condition

3. The Endpoint Scripts Wizard in 3.0+ allows you to run scripts on connected endpoints to carry out administrative tasks that comply with your organization’s requirements. This includes tasks such as uninstalling obsolete software, starting or terminating processes or applications, and enabling or disabling specific services.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents