Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2614
Views
15
Helpful
1
Replies

Cisco AnyConnect Upgrade with Posture check on ISE

Go to solution
rashish135@yahoo.co.in
Level 1
Level 1

‎08-24-2021 11:06 PM - edited ‎08-24-2021 11:08 PM

Hi

We have Cisco AnyConnect VPN solution with posture check on ISE. For this posture compliance module is pushed via client provisioning portal from ISE. Now we are planning to upgrade Cisco AnyConnect VPN + posture client. But when we push new AnyConnect client and compliance module via SCCM, and try to connect with new version of clients, still old modules getting downloaded and ultimately failing.

 

Can someone recommend how we should upgrade Cisco AnyConnect secure mobility client with posture check.

1 person had this problem
Preview file
760 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎08-24-2021 11:40 PM

Hi rashish135@yahoo.co.in,

You should modify your Posture AnyConnect configuration file, and to enable deferral. This means that ISE will not push updates, for as long as you are on minimum defined versions (your current versions):

 

Capture.PNG

 

This means that if your AnyConnect is at minimum v.4.10.01075, and/or your compliance module is it at minimum version v4.3.1770.6145, ISE won't force update. These versions should be your current ones, while new versions should be defined in configuration file.

BR,

Milos

View solution in original post

1 Reply 1

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎08-24-2021 11:40 PM

Hi rashish135@yahoo.co.in,

You should modify your Posture AnyConnect configuration file, and to enable deferral. This means that ISE will not push updates, for as long as you are on minimum defined versions (your current versions):

 

Capture.PNG

 

This means that if your AnyConnect is at minimum v.4.10.01075, and/or your compliance module is it at minimum version v4.3.1770.6145, ISE won't force update. These versions should be your current ones, while new versions should be defined in configuration file.

BR,

Milos

Customers Also Viewed These Support Documents