I know this is relatively a "dumb" question, but just wanted to be sure because someone put doubt in my head. Actually, two questions to ensure absolute clarity.
1. Will Cisco ISE ONLY work with AnyConnect, specifically for the posture and other modules to deliver the rules and profiles "to and from" ISE? Meaning no other "third-party" resource delivery agent would work.
2. Assuming the answer to number 1 is "Yes," then the question is: while you need AnyConnect "as a tool of ISE," are you required to only use AnyConnect specifically for the VPN service/connection? Meaning, you can have a different VPN solution (say, OpenVPN) for the actual "tunnel"/protection of the connection, but you still have to have AnyConnect installed and configured to work with ISE for the profile access rules, correct?
Thank you, that is helpful information. I guess what I'm focussing on is pushing out network access based on specific profiles within ISE, which will determine what that person can access or, if accessing from a non-domain-joined computer, it would read that and then could limit access. I guess determination of the type of device from which the user is connecting could only be determined from the Posture through AnyConnect. However, if just interested in network access rights/permissions controlled by ISE (profiles), could that be done without the Posture process you mentioned - meaning, would there be an easy/simple way to trigger DACL based on user authentication in order to control what the person could access over VPN?