cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2834
Views
5
Helpful
1
Replies

Is it possible to get Compliance Module Software from ISE

MSJ1
Level 1
Level 1

Is it possible to get/ download Compliance Module Software from ISE Appliance where it is configured ? I have a problem when a new user ( never connected before to VPN ) not getting the Compliance Module Downloaded. As a result Users are not Compliant and not able to get Authorization which supposed to be done after Posture Validation.

 

Before I check why Software is not downloading automatically after VPN User Authentication  ,  I wanted to download Compliance Module ( 4.3.890.6145 ) from ISE Node  which is not available to download from Cisco Site Software Download Section. 

 

Can you advise  ?

1 Accepted Solution

Accepted Solutions

Mike.Cifelli
VIP Alumni
VIP Alumni

Is it possible to get/ download Compliance Module Software from ISE Appliance where it is configured ? 

-There are several components that integrate with each other in order to make this solution work.  However, you can absolutely rely on the ISE Client Provisioning Portal (CPP) to push the compliance module via webdeploy to clients that you steer to the respective configured portal.  You reference the module version to be pushed in the AnyConnect Configuration that is then assigned as the result in your CPP policy.  For clients that have no software or need an upgrade of the module you will need to redirect the clients to the portal.  This is done in your authz policies.  For workflow guidance I would recommend looking here: ISE Posture Prescriptive Deployment Guide - Cisco Community

If you need an older version I would engage with TAC as they should be able to provide you with what you need.  However, it may be recommended/better practice to use a later more up-to-date version.  HTH!

View solution in original post

1 Reply 1

Mike.Cifelli
VIP Alumni
VIP Alumni

Is it possible to get/ download Compliance Module Software from ISE Appliance where it is configured ? 

-There are several components that integrate with each other in order to make this solution work.  However, you can absolutely rely on the ISE Client Provisioning Portal (CPP) to push the compliance module via webdeploy to clients that you steer to the respective configured portal.  You reference the module version to be pushed in the AnyConnect Configuration that is then assigned as the result in your CPP policy.  For clients that have no software or need an upgrade of the module you will need to redirect the clients to the portal.  This is done in your authz policies.  For workflow guidance I would recommend looking here: ISE Posture Prescriptive Deployment Guide - Cisco Community

If you need an older version I would engage with TAC as they should be able to provide you with what you need.  However, it may be recommended/better practice to use a later more up-to-date version.  HTH!