Issue with Posture Compliance on Cisco ISE(3.1) with Meraki AP

Gh0$t
Level 1

Use case we need to achieve:

  • Need SAML SSO (Google) with Device Posturing.

Issue which we are facing: 

T4NUJ_2-1678896220214.png

Our approach:

Configured the SAML App and used it in Guest profile to act as the Employee Login and also included the device posturing in the portal configuration.

Our Findings:

T4NUJ_3-1678896282572.png

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/Cisco-Secure-Client-5/admin/guide/b-cisco-secure-client-admin-guide-5-0/configure-posture.html#:~:text=System%20scan%20not%20required%20on%20current%20Wi%2DFi


Is there any way to achieve this?

We are using Meraki AP.

1 Accepted Solution

Accepted Solutions

Divya Jain
Cisco Employee

Hi,
 

ISE: under Policy > Client Provisioning > Resources > ISE Posture Agent Settings, change "Operate on non-802.1X wireless" to Yes. This forces AnyConnect to always check for posturing regardless of 802.1X.

Usually that can be resolved by setting this value to "YES", either from the ISE GUI or manually on the affected client.

 

 

Alternatively:
Check the posture assessment policies and rules in Cisco ISE and make sure that they are properly configured to detect and remediate non-compliant endpoints. This can be done by reviewing the posture assessment results in the Cisco ISE dashboard and checking the logs for any errors or warnings related to posture assessment.

 

If the issue persists, it may be helpful to contact Cisco technical support for further assistance and troubleshooting. They can provide more specific guidance and recommendations based on the specific configuration and environment.

 

 


 

 

 

Regards,
Divya Jain


5 Replies

Gh0$t
Level 1

Hello Divya,

Thanks for the response.

 

But now I am facing a new issue with it.

It is showing an issue with Java.

Gh0t_0-1680253064629.png

 



Hi,
This needs the latest Java (plugin) version as per the error. Make sure you have it installed and are on the latest version.

Regards,

Divya Jain

Gh0$t
Level 1

Hello,

I even tried after installing but it didn't work and got the same error again.

Hi,
Did you try doing it on some other system?

If the error is still there, did you check with TAC?


Regards,
Divya Jain
