Solved: ISE Result - Customized Error Message On AnyConnect

Phi Yim · ‎03-17-2016

ISE experts,

My customer has the following AuthZ rule in ISE:

If Cisco-VPN3000:CVPN3000/ASA/PIX7.x-Tunnel-Group-Name=internal + authentication is EAP-TLS, then permit. If an employee uses AnyConnect with their personal device without a valid client certificate, the end user sees the “Certificate Validation Failure”. Please see screen capture below.

Is it possible for ISE to have AnyConnect display another message such as: “AnyConnect has detected that this machine is out of compliance”?

Timothy Abbott · ‎03-18-2016

Unfortunately, no. ISE doesn't play a roll in the AnyConnect messaging for VPN authentication. If AnyConnect were doing posture assessment, then you would have the ability to customize the posture messaging to the end user.

Regards,

-Tim

View solution in original post

Timothy Abbott · ‎03-18-2016

Unfortunately, no. ISE doesn't play a roll in the AnyConnect messaging for VPN authentication. If AnyConnect were doing posture assessment, then you would have the ability to customize the posture messaging to the end user.

Regards,

-Tim

Phi Yim · ‎03-18-2016

Thanks for getting back to me Tim!

lnemec · ‎07-24-2017

Hi, sure, you can customize Anyconnect client error messages on ASA via ASDM.

Regards,

Laci,.