ā08-17-2020 03:54 AM
ISE v2.6 patch 6 (was also happening in v2.3)
AC version 4.7.04056
ASA version 9.8
Hi Guys
I have an issue for some of my users where the system scan module on their Anyconnect says "compliant" but the ISE logs show that the posture status is pending.
I'm using the ISEPostureCFG.xml file to define the PSNs.
The users connect to ASA's for VPN connectivity.
I'm pretty sure that the issue is happening because the authentication is done using PSNA and the posturing checks are done using PSNB.
This is only happening for some users.
Has anyone experienced this before?
Do you have any advice on how to stop this happening?
Many thanks
AK
ā08-17-2020 05:11 AM
an additional question, can we get the Anyconnect client to rebuild the ConnectionData.xml file on every VPN log on?
ā08-24-2020 12:17 AM
It appears that you have been working with Cisco TAC. As this much involved, please continue working through TAC.
The connectionData.xml is updated after successful discovery by ISE posture module in AnyConnect.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide