This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Is there a possibility for the AnyConnect NAC/Posture module to check for a particular network it is connected to ??
Here is the situation and what I am trying to achieve:
This process runs fine when connected to the company LAN, the point is, it also runs, when the client is connected to a DIFFERENT/NON-COMPANY network, in which there is no NAC/ISE at all !!!
Is there a config option somewhere to make the NAC agent on the client check, which network it is connected to (company owned or foreign) and based on that result, either run or skip the whole NAC process ???
Grateful for any clues
Normally if you configured your profile with discovery host, when users are out of your network, the posture should fall but they can get access to the network.
There's no option to say to not perform posture. The posture is always there but have an impact only on your protected network.
Out of your office, they can connect anywhere else even if the posture fails
In addition of what Rahul said for stealth mode, you have some posture check not available in that mode.
I've implemented it once and rollback right away to normal mode because of user experience.