07-28-2018 04:49 AM - edited 07-28-2018 05:48 AM
Hi
I deployed Cisco ISE 2.3 posture assessment. AnyConnect is installed on the end-user machines and everything in posture works fine, but the problem is that sometimes when a user logs in, redirection to the provisioning portal (for downloading AnyConnect) occurs and this message appears: "Cisco ISE unable to detect Anyconnect posture agent", and the user's network access is facing a problem. What can I do to solve this problem? Thanks
07-28-2018 09:48 AM
As your issue happens only sometimes, please open a Cisco TAC case, if not done so already. We need to analyze the states of the network device, ISE PSN, and AnyConnect ISE posture module together when this occurs. At the very least, provide TAC with the DART support bundles taken from clients experiencing it and the approximate time points.
You might want to try the latest of AnyConnect 4.6 and see if it improves.
07-30-2018 02:28 AM - edited 07-30-2018 02:34 AM
I will open a TAC case for sure. My deployment information is here:
Cisco ISE 2.3
AnyConnectDesktopWindows 4.5.2036.0
AnyConnectComplianceModuleWindows 4.3.122.0
I created 3 authorization profiles in Cisco ISE: 1- compliant, 2- non-compliant, 3- unknown
Access list on the switch for redirection purposes (I use this access list in the unknown authorization profile):
Extended IP access list ACL_REDIRECT
10 deny udp any eq bootpc any eq bootps
20 deny udp any any eq domain
30 deny ip any host <cisco ise ip address>
40 permit tcp any any eq www
50 permit tcp any any eq 443
60 deny ip any any
unknown DACL:
permit udp any eq bootpc any eq bootps
permit udp any any eq 53
permit ip any host <ise ip address>
deny ip any any
Non-compliant DACL:
deny ip any any
compliant DACL:
permit ip any any