04-25-2018 11:32 AM
Hello, I have a challenge. I have AnyConnect posture for Antivirus. My computers go to hibernate and after returning from hibernation my Office 365 connection sends me a certificate warning. I assume this is due to the redirection of TCP 80/443 to client provisioning and the ISE PSN certificate being presented instead of Office 365.
Since finding out about Office 365 IP addresses would be a paramount, I thought of having AnyConnect statically look for the PSN/CPP. Has anyone done this? Any guidance on how to accomplish this?
I appreciate it.
Homero Ruiz
04-25-2018 04:41 PM
Per Re: Posture 2.2-style, you can set up a direct link to the Client Provisioning Portal. Even if redirected to the PSN after the connection is lost, the portal cert should be trusted. However, if redirecting HTTPS, then that would explain the cert warning for the NAD itself. Yes, ISE 2.2 Posture without redirect could be used to send the request to the PSN directly for redirect without NAD intervention.
04-25-2018 07:14 PM
The other thing I would say, as this seems to be a common issue people post on, is that if you aren't using the CPP portal to install anything for posturing (I never do outside of testing), then the URL redirect only needs to intercept port 80 calls to discovery methods, i.e. default gateway, enroll.cisco.com or discovery host. You can still DACL/ACL block traffic in a pre-posture state, but you don't need to URL redirect anything other than the discovery methods.
I see too many people redirecting all HTTP/HTTPS traffic; then, when the OS is doing portal detection or sending out web traffic, it ends up kicking up the CPP page and causing confusion.
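The narrower redirect described in the reply above, as an added example that is not part of the original posts: a Cisco IOS-style redirect ACL, assuming a switch NAD where `permit` means "redirect" and `deny` means "do not redirect". The ACL names and every address are placeholders from documentation ranges.

```text
! Constructed example. ACL names and addresses are placeholders.
! Assumes an IOS-style switch redirect ACL: permit = redirect, deny = do not redirect.
!
! Broad form the thread warns about: all web traffic is redirected, so
! HTTPS sessions (for example to Office 365) also hit the redirect.
ip access-list extended ACL-POSTURE-REDIRECT-BROAD
 permit tcp any any eq www
 permit tcp any any eq 443
!
! Narrow form: redirect only port 80 probes to the discovery targets.
ip access-list extended ACL-POSTURE-REDIRECT-DISCOVERY
 remark default gateway (placeholder address)
 permit tcp any host 192.0.2.1 eq www
 remark address enroll.cisco.com resolves to (placeholder address)
 permit tcp any host 198.51.100.10 eq www
 remark configured discovery host (placeholder address)
 permit tcp any host 203.0.113.10 eq www
 remark everything else, including all TCP 443, is not redirected
 deny ip any any
```

Blocking in the pre-posture state is still done by the separate DACL/ACL mentioned in the reply; the redirect ACL only selects which flows are intercepted.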