Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1957
Views
0
Helpful
1
Replies

I want to group VPN users and apply Posture differently.

Go to solution
JustTakeTheFirstStep
Level 4
Level 4

‎06-27-2019 11:52 AM - edited ‎02-21-2020 11:07 AM

I have a question and would like an answer.

I am using ASA5525 - ISE2.6.

I am preparing to use the Posture feature in the ASA - ISE environment.

I want to group VPN users and apply Posture differently.

I think it identity group in the ISE Posture policy menu.

However, why does the "Posture system scan" proceed when the User "ns3793" is the "test" group in the ISE user identity and the identity group specified in the Posture policy is "B_group"?

20190628_034115.png20190628_034124.png

I am wondering why the Posture System Scan is proceeding when I try to connect Anyconnect though the groups are different.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee

‎06-28-2019 09:26 AM

Looks to be defect from your description. Suggest contacting TAC.

 

Aside from the user group, are there any other attribute you can use? Are the users in different tunnel group? If so you could try custom condition such as 'Cisco-VPN3000:CVPN/ASA/PIX7x-Tunnel-Group-Name(146)'.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
howon
Cisco Employee
Cisco Employee

‎06-28-2019 09:26 AM

Looks to be defect from your description. Suggest contacting TAC.

 

Aside from the user group, are there any other attribute you can use? Are the users in different tunnel group? If so you could try custom condition such as 'Cisco-VPN3000:CVPN/ASA/PIX7x-Tunnel-Group-Name(146)'.

0 Helpful
Customers Also Viewed These Support Documents