Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1414
Views
0
Helpful
2
Replies

ISE Posture over Anyconnect VPN - system scan compliant , ISE status pending

asimk
Level 1
Level 1

‎08-17-2020 03:54 AM

ISE v2.6 patch 6 (was also happening in v2.3)

AC version 4.7.04056

ASA version 9.8

 

Hi Guys

 

I have an issue for some of my users where the system scan module on their Anyconnect says "compliant" but the ISE logs show that the posture status is pending.

I'm using the ISEPostureCFG.xml file to define the PSNs.

The users connect to ASA's for VPN connectivity.

 

I'm pretty sure that the issue is happening because the authentication is done using PSNA and the posturing checks are done using PSNB.

 

This is only happening for some users.

 

Has anyone experienced this before?

Do you have any advice on how to stop this happening?

 

Many thanks

 

AK

 

 

 

 

0 Helpful
2 Replies 2

asimk
Level 1
Level 1

‎08-17-2020 05:11 AM

an additional question, can we get the Anyconnect client to rebuild the ConnectionData.xml file on every VPN  log on?

0 Helpful

hslai
Cisco Employee
Cisco Employee

‎08-24-2020 12:17 AM

It appears that you have been working with Cisco TAC. As this much involved, please continue working through TAC.

The connectionData.xml is updated after successful discovery by ISE posture module in AnyConnect.

0 Helpful
Customers Also Viewed These Support Documents