cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
602
Views
10
Helpful
2
Replies

ISE 2.3 Anyconnect VPN ISE Posture issue

Gagandeep Singh
Cisco Employee
Cisco Employee

Hi Team,

 

I have a question regarding opening up the clients to Microsoft updates.   Before the clients are compliant they are only allowed access to the ISE server and dns/dhcp servers.  Does that mean I have to modify the redirect ACL in the ASA to allow the Microsoft update servers or DACL  from ISE?   Also, Microsoft only provides FQDNs for the  update servers.   They do not provide any IP addresses and they also use wildcards.   How can this be implemented in the ACLor DACL?  Please advice.

 

 

Any help would be appreciated.

 

Regards

Gagan

2 Replies 2

Timothy Abbott
Cisco Employee
Cisco Employee
Depending on the version of ASA code you are using, you could probably use the below guide and then have ISE reference the ACL while the endpoint is in remediation.

https://community.cisco.com/t5/security-documents/using-hostnames-dns-in-access-lists-configuration-steps-caveats/ta-p/3123480

Regards,
-Tim