Solved: How Cisco ASA ( anyconnect ) Communicates for VPN User Posture to ISE

subrun.jamil · ‎08-06-2020

Hello,

I am curious to know , if a Cisco VPN AnyConnect is configured and for Posture of this VPN we use Cisco ISE , how Cisco ASA forwards the traffic to Cisco ISE when it does Posture. I have 2 Cisco ISE and I know that PSN is always Active Active but from Cisco ASA AnyConnect VPN Box when there is User Posture Part comes what is the configuration settings need to be done in ASA so that Cisco ASA can delegate Cisco ISE to do the POSTURE part ?

I know that in Cisco ASA Any Connect Configuration ( Specifically Any Connect Client Profile and that Profile can be called at Any Connect Client section of Group Policy ) you can define ISE Posture Profile but how does this relate to my question ?

Mike.Cifelli · ‎08-06-2020

Take a peek at this for a solid understanding of the workflow/config:
https://community.cisco.com/t5/security-documents/how-to-configure-posture-with-anyconnect-compliance-module-and/ta-p/3647768
Lastly, labminutes.com/video/sec has some good free lab config tutorials. HTH!

View solution in original post

Mike.Cifelli · ‎08-06-2020

Take a peek at this for a solid understanding of the workflow/config:
https://community.cisco.com/t5/security-documents/how-to-configure-posture-with-anyconnect-compliance-module-and/ta-p/3647768
Lastly, labminutes.com/video/sec has some good free lab config tutorials. HTH!