ISE policy server issue

GiHan55803
Level 1

Hello,

We have an issue on our ISE with a user who works at another site most weeks. When they've been on the 3rd party network, their AnyConnect profile service updates on our laptops with the 3rd party server settings. When we inspect the laptop, the policy server is not auto-updating by itself and still has the 3rd party server in the configuration. We must replace the cfg file to get this working again.

Is there anything we can do to ensure this updates to our own/stops this being overwritten from a design standpoint?


Colby LeMaire
VIP Alumni

I have to assume that you are referring to the AnyConnect ISE Posture Agent. It will keep track of any policy servers that it has previously connected to for use in its discovery phase. If your client provisioning/posture redirection stuff is configured correctly (i.e. redirect ACL, client provisioning policies), then this shouldn't cause a problem. So I would double check those things first. Then, you can modify the posture profile in ISE to limit which policy servers it can connect to so that it doesn't connect to PSNs outside of your environment. You can also use the Discovery Host field there to force it to redirect in your environment. Use an IP address or FQDN that you know would hit on your redirection ACLs. Do not put a PSN in the Discovery Host field. Following is a screenshot:

Posture_Profile.jpg