Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3586
Views
10
Helpful
3
Replies

ISE Posture with Anyconnect - Standalone mode

Go to solution
Anis Gharbi
Level 1
Level 1

‎11-07-2017 03:43 AM - edited ‎02-21-2020 10:38 AM

Hello Everyone,

 

I'm installing Cisco Anyconnect ISE posture module to do the posture using ISE version 2.2. We are are planning to the to the installation using a Microsoft GPO to execute the installation on the domain machines.


I have two questions:

1. I would like to know if it is possible to install Cisco Anyconnect ISE posture module in standalone mode and without installing the Cisco AnyConnect Secure Mobility Client for VPN ?

 

test.png


2. Where can I find the ISE posture module (that contains the network configuration) to perform the remote installation using GPO ?

 

Thanks,
Anis GHARBI

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎11-07-2017 11:56 AM

Answers to your questions:

 

1) No. The VPN module is the core module, without which other modules cannot be installed. However, you can hide the VPN module tile and only keep the posture module tile by adding a custom VPN_Service_Disable xml profile into the VPN profile location.

 

Profile: Attached (rename to .xml before using)

 

Location:

C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

 

2) I am not sure of this question. The Anyconnect Posture module should be inside the Anyconnect Pre-deploy zip file for Windows.

View solution in original post

Preview file
1 KB
3 Replies 3

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎11-07-2017 11:56 AM

Answers to your questions:

 

1) No. The VPN module is the core module, without which other modules cannot be installed. However, you can hide the VPN module tile and only keep the posture module tile by adding a custom VPN_Service_Disable xml profile into the VPN profile location.

 

Profile: Attached (rename to .xml before using)

 

Location:

C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

 

2) I am not sure of this question. The Anyconnect Posture module should be inside the Anyconnect Pre-deploy zip file for Windows.

Preview file
1 KB

Go to solution
Anis Gharbi
Level 1
Level 1
In response to Rahul Govindan

‎11-08-2017 02:40 AM - edited ‎11-08-2017 03:36 AM

Hello Rahul,

 

Thank you for the answer. I succeeded to configure the AnyConnect with only the posture tile using the XML file. 

 

Regarding the second question, we are scheduling to deploy the Cisco Anyconnect in a large enterprise deployment to check the compliance of windows machines. So now I’m searching how to do that in seamless manner with applying the Cisco best practices ?

 

Regards,
Anis

 

0 Helpful

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni
In response to Anis Gharbi

‎11-09-2017 05:48 AM

In the past, I have deployed the Anyconnect VPN, Posture and ISE Compliance module through SCCM before rollout. They exist as individual installers on the Cisco download page. Once you deploy the right modules and have client provisioning configured on ISE, the posture profile should automatically be pushed during first connection attempt.
Customers Also Viewed These Support Documents