Hello! I had a question about a particular case. It's a bit far-fetched, but in short, does ISE or another Cisco appliance have a function that allows scanning of VPN connections and endpoint connections? For example: I have an ASA connected to a RADIUS server for the 2nd factor and an Active Directory for user credentials. The ASA provides a DHCP pool for Remote Access VPN connections, but I can't scan users for things such as what type of operating system, version or software they have installed on the device, the applications that they are trying to connect to, or information about the host in general. And in another case, is it possible in ISE to make rules or policies to not allow a connection from a host if it doesn't have the latest patches, or patches of a specific date/time, installed on the device?
I was investigating in some forums but I couldn't find a solution that met what I was looking for to implement.
Hoping not to bother you with my doubt, I am very attentive to any advice or help you can give me.
ISE posture (deployed as ISE posture module for endpoints) will do most of what you are looking for. Here's a prescriptive guide - https://community.cisco.com/t5/security-documents/ise-posture-prescriptive-deployment-guide/ta-p/3680273
Interesting. About Hostscan with DAP, I'm going to investigate that also.
Another question: is it possible to implement something similar to Hostscan in Firepower in this case? I know that devices with a static IP can be identified easily, but it's the DHCP clients that make it a little bit difficult to know who is who.