
ISE posture for VPN: is tunnel all required?

Ralphy006
Level 1

I have an issue with MACs. Currently, I have VPN posturing set up with my AnyConnect client, ISE posture client, and Compliance module pointing to ISE.

We are in a split-tunnel setup.

Upon initial connection, posturing happens fine. My machine is marked as "compliant." When I disconnect, my posture module stays "compliant." When I reconnect, it does NOT try to re-evaluate my posture status, and ISE thinks it's in the unknown state.

If I go to an internal page, I get redirected to ISE. And when that happens, my posture module still doesn't re-evaluate.

If I change my VPN to tunnel-all, it works fine.

enroll.cisco.com's IP has been added to my split tunnel. I also have ALL DNS going through the tunnel.

Is tunnel-all a requirement?
