cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

491
Views
0
Helpful
1
Replies
Highlighted
Beginner

I want to group VPN users and apply Posture differently.

I have a question and would like an answer.

I am using ASA5525 - ISE2.6.

I am preparing to use the Posture feature in the ASA - ISE environment.

I want to group VPN users and apply Posture differently.

I think it identity group in the ISE Posture policy menu.

However, why does the "Posture system scan" proceed when the User "ns3793" is the "test" group in the ISE user identity and the identity group specified in the Posture policy is "B_group"?

20190628_034115.png20190628_034124.png

I am wondering why the Posture System Scan is proceeding when I try to connect Anyconnect though the groups are different.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: I want to group VPN users and apply Posture differently.

Looks to be defect from your description. Suggest contacting TAC.

 

Aside from the user group, are there any other attribute you can use? Are the users in different tunnel group? If so you could try custom condition such as 'Cisco-VPN3000:CVPN/ASA/PIX7x-Tunnel-Group-Name(146)'.

View solution in original post

1 REPLY 1
Highlighted
Cisco Employee

Re: I want to group VPN users and apply Posture differently.

Looks to be defect from your description. Suggest contacting TAC.

 

Aside from the user group, are there any other attribute you can use? Are the users in different tunnel group? If so you could try custom condition such as 'Cisco-VPN3000:CVPN/ASA/PIX7x-Tunnel-Group-Name(146)'.

View solution in original post