cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
1629
Views
0
Helpful
2
Replies

ISE Posture over Anyconnect VPN - system scan compliant , ISE status pending

asimk
Level 1
Level 1

ISE v2.6 patch 6 (was also happening in v2.3)

AC version 4.7.04056

ASA version 9.8

 

Hi Guys

 

I have an issue for some of my users where the system scan module on their Anyconnect says "compliant" but the ISE logs show that the posture status is pending.

I'm using the ISEPostureCFG.xml file to define the PSNs.

The users connect to ASA's for VPN connectivity.

 

I'm pretty sure that the issue is happening because the authentication is done using PSNA and the posturing checks are done using PSNB.

 

This is only happening for some users.

 

Has anyone experienced this before?

Do you have any advice on how to stop this happening?

 

Many thanks

 

AK

 

 

 

 

2 Replies 2

asimk
Level 1
Level 1

an additional question, can we get the Anyconnect client to rebuild the ConnectionData.xml file on every VPN  log on?

hslai
Cisco Employee
Cisco Employee

It appears that you have been working with Cisco TAC. As this much involved, please continue working through TAC.

The connectionData.xml is updated after successful discovery by ISE posture module in AnyConnect.