Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
241
Views
0
Helpful
3
Replies

Cisco ISE Posture Check only for remote vpn users

cheng.cathy
Level 1
Level 1

‎07-10-2025 12:04 AM

\How to set up the posture policy to do check only for remote vpn(Cisco secure client) users, no posture check for users connected via wired or wifi?

 

Thanks

 

0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

‎07-10-2025 12:11 AM - edited ‎07-10-2025 12:33 AM

try use in posture policy  condition NAD IP which is FW IP 
MHM

0 Helpful

MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎07-10-2025 12:32 AM - edited ‎07-10-2025 12:33 AM

Policy > Policy Elements > Posture > Posture Policy

Condition 

NAS-IP-address (FW IP)

MHM

0 Helpful

Rob Ingram
VIP
VIP

‎07-10-2025 12:12 AM

@cheng.cathy you just need to add a condition in your ISE Authorisation rules to match RAVPN sessions and not Wired/Wireless connections. Add a condition for Remote Access VPN users such as NAD IP address of the ASA/FTD or NAD group or Tunnel Group name and then assign the Posture Authorisation Profile to ensure posture runs. Example using tunnel group name:-

RobIngram_0-1752131324536.png

For the Wired/Wireless user session, they would not match the the more specific rules for RAVPN and would match another rule, which does not run posture.

Reference webinar on RAVPN posture - https://community.cisco.com/t5/security-videos/community-live-7-9-cisco-ise-posture-over-remote-access-vpn/ba-p/5307501

 

0 Helpful
Customers Also Viewed These Support Documents