03-23-2016 04:49 AM - edited 03-10-2019 11:36 PM
Hi Guys,
We´re facing a reauthorization problem related with Anyconnect 4.1 after Authentication timer inactivity on the switch port expire, after the time expire, the sesson goes to the Unknow state (normal behavior) but when the user starts to work the machinne, the Anyconnect doesn´t start the scan to put this session on Compliance again. If I force the scan (uncheck and Check the Block connections to untrust servers option on Preference tab) then it do a scan and change the status to Compliance state.
Is this a best practicies work with Authentication timer inactivity and Anyconnect Posture features ?
Thanks a lot.
03-23-2016 07:41 PM
Hmm, it is possible that you are hitting a bug. Have you tried AnyConnect 4.2 ?
Thank you for rating helpful posts!
03-24-2016 04:29 AM
Hi Neno,
I tried with anyconnect 4.2.02075 but i´ts not solved the problem.
Thanks a lot.
03-24-2016 09:06 AM
Can you post screen shots from:
1. Administration > System > Settings >Posture > Reassessments.
2. Administration > System > Settings >Posture > General Settings.
3. Your Posture Profile
Thank you for rating helpful posts!
03-24-2016 10:15 AM
03-27-2016 10:51 PM
To me everything looks correct. I would suggest you open a TAC case and ask Cisco to assist. Let us know what happens!
Thank you for rating helpful posts!
04-08-2016 01:25 PM
Hi Neno,
The TAC suggested a workaround changing the client posture assessment condition. In this way the connection maintain authorized even after the Authentication timer inactivity expire. I tested in my and problem was solved, I´ll apply it on the customer.
Administration-->Settings-->Posture-->General Settings
From=Perform posture assessment every time a user connects to the network
To= Perform posture assessment every 1 day
Thanks a lot.
04-09-2016 06:41 AM
Yes, with that change the endpoint will remain "compliant" for the whole day after it passes posture once.
Let us know if this workaround works for you.
Thank you for rating helpful posts!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide