Solved: Re: Cisco ISE Clientless Posture with VPN users

rafliraditya · ‎05-31-2023

Hello,

Is it possible to do clientless posture on vpn users using anyconnect? the set up is like this :

Cisco ISE > Cisco ASA > VPN Users

Do we have any articles/guide regarding this usecase?

Thank you

Greg Gibbs · ‎05-31-2023

I haven't tested it, but it should be possible since the Posture flow is triggered by the Authorization Policy. The ASA would perform the Authentication then send the request for Authorization to ISE.

I'm not aware of a single document with the full solution, but you should be able to cobble it together with pieces from a couple of different guides.

ISE authorization policy for ASA VPN user certificates

How To: Agentless Posture Configuration, validation & Troubleshooting

View solution in original post

Greg Gibbs · ‎05-31-2023

I haven't tested it, but it should be possible since the Posture flow is triggered by the Authorization Policy. The ASA would perform the Authentication then send the request for Authorization to ISE.

I'm not aware of a single document with the full solution, but you should be able to cobble it together with pieces from a couple of different guides.

ISE authorization policy for ASA VPN user certificates

How To: Agentless Posture Configuration, validation & Troubleshooting

ahollifield · ‎06-02-2023

Why not do full AnyConnect client posture though? The clients already have AnyConnect installed? Why not push out the ISE Posture module?