03-17-2016 10:39 PM
ISE experts,
My customer has the following AuthZ rule in ISE:
If Cisco-VPN3000:CVPN3000/ASA/PIX7.x-Tunnel-Group-Name=internal + authentication is EAP-TLS, then permit. If an employee uses AnyConnect with their personal device without a valid client certificate, the end user sees the “Certificate Validation Failure”. Please see screen capture below.
Is it possible for ISE to have AnyConnect display another message such as: “AnyConnect has detected that this machine is out of compliance”?
Solved! Go to Solution.
03-18-2016 09:53 AM
Unfortunately, no. ISE doesn't play a roll in the AnyConnect messaging for VPN authentication. If AnyConnect were doing posture assessment, then you would have the ability to customize the posture messaging to the end user.
Regards,
-Tim
03-18-2016 09:53 AM
Unfortunately, no. ISE doesn't play a roll in the AnyConnect messaging for VPN authentication. If AnyConnect were doing posture assessment, then you would have the ability to customize the posture messaging to the end user.
Regards,
-Tim
03-18-2016 01:29 PM
Thanks for getting back to me Tim!
07-24-2017 08:08 AM
Hi, sure, you can customize Anyconnect client error messages on ASA via ASDM.
Regards,
Laci,.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: