02-24-2018 01:50 AM - edited 02-21-2020 10:46 AM
Hi, folks.
Is there a possibility for the AnyConnect NAC/Posture module to check for a particular network it is connected to ??
Here is the situation and what I am trying to achieve:
This process runs fine when connected to the company LAN, the point is, it also runs, when the client is connected to a DIFFERENT/NON-COMPANY network, in which there is no NAC/ISE at all !!!
Is there a config option somewhere to make the NAC agent on the client check, which network it is connected to (company owned or foreign) and based on that result, either run or skip the whole NAC process ???
Grateful for any clues
Rgs
Frank
02-26-2018 04:00 PM
Hi
Normally if you configured your profile with discovery host, when users are out of your network, the posture should fall but they can get access to the network.
There's no option to say to not perform posture. The posture is always there but have an impact only on your protected network.
Out of your office, they can connect anywhere else even if the posture fails
02-28-2018 05:36 PM
02-28-2018 11:47 PM
03-01-2018 05:11 AM
03-01-2018 05:15 AM
In addition of what Rahul said for stealth mode, you have some posture check not available in that mode.
I've implemented it once and rollback right away to normal mode because of user experience.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: