09-24-2020 07:06 AM
Hi All,
We need a few clarifications with respect to the Cisco ISE deployment.
Summary:
Queries:
09-24-2020 08:26 AM
-As long as the AnyConnect probe can reach ISE I don't see this being an issue.
-Please see here for further details on posture capabilities, design, and workflows: https://community.cisco.com/t5/security-documents/ise-posture-prescriptive-deployment-guide/ta-p/3680273
-Licenses are consumed on a per-session basis. Assuming your question is referencing ISE license consumption, then for each established VPN session that was subject to ISE posture assessment an ISE base and ISE apex license will be consumed. So for example: 10 users subject to ISE posture assessment = 10 ISE base & 10 ISE apex session licenses.
HTH!
09-25-2020 07:48 AM
Hi Mike,
Currently, the VPN is not established by the AnyConnect agent as per the current design. The customer currently provides access to the internal resources as users working from home (both employees and contractors) via the Citrix NetScaler VDI and Citrix NetScaler VPN Adapter agent.
Does Cisco ISE support posture assessment of endpoints connected through the Citrix NetScaler VDI and Citrix NetScaler VPN Adapter agent?
09-27-2020 09:09 PM
ISE cannot posture endpoints with an AnyConnect agent unless they are authenticating to a network device (wired, wireless, VPN). My understanding with VDI is you can simply use a web browser (HTTPS) and not need to do any VPN or care about the posture of the endpoint doing HTTPS to the VDI server.
If you are doing something different, please be very specific about how you are connecting remote endpoints and with which protocols at each step.