cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

868
Views
0
Helpful
3
Replies
Phi Yim
Cisco Employee

ISE Result - Customized Error Message On AnyConnect

ISE experts,

My customer has the following AuthZ rule in ISE:

If Cisco-VPN3000:CVPN3000/ASA/PIX7.x-Tunnel-Group-Name=internal + authentication is EAP-TLS, then permit.  If an employee uses AnyConnect with their personal device without a valid client certificate, the end user sees the “Certificate Validation Failure”.  Please see screen capture below.

Is it possible for ISE to have AnyConnect display another message such as: “AnyConnect has detected that this machine is out of compliance”?

AnyConnect.jpg

1 ACCEPTED SOLUTION

Accepted Solutions
Timothy Abbott
Cisco Employee

Unfortunately, no.  ISE doesn't play a roll in the AnyConnect messaging for VPN authentication.  If AnyConnect were doing posture assessment, then you would have the ability to customize the posture messaging to the end user.

Regards,

-Tim

View solution in original post

3 REPLIES 3
Timothy Abbott
Cisco Employee

Unfortunately, no.  ISE doesn't play a roll in the AnyConnect messaging for VPN authentication.  If AnyConnect were doing posture assessment, then you would have the ability to customize the posture messaging to the end user.

Regards,

-Tim

Thanks for getting back to me Tim!

lnemec
Enthusiast

Hi, sure, you can customize Anyconnect client error messages on ASA via ASDM.

Regards,

Laci,.

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube