Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1756
Views
2
Helpful
6
Replies

Issue with Posture Compliance on Cisco ISE(3.1) with Meraki AP

Go to solution
Gh0$t
Level 1
Level 1

‎03-15-2023 09:07 AM - edited ‎03-15-2023 09:10 AM

Use case need to achieve: 

  • Need SAML SSO (Google) with Device Posturing.

Issue which we are facing: 

T4NUJ_2-1678896220214.png

Our approach:

Configured the SAML App and used it in Guest profile to act as the Employee Login and also included the device posturing in the portal configuration.

Our Findings:

T4NUJ_3-1678896282572.png

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/Cisco-Secure-Client-5/admin/guide/b-cisco-secure-client-admin-guide-5-0/configure-posture.html#:~:text=System%20scan%20not%20required%20on%20current%20Wi%2DFi


Is there any way to achieve this ?

We are using Meraki AP

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Divya Jain
Cisco Employee
Cisco Employee

‎03-31-2023 01:54 AM

Hi,
 

ISE - Under Policy, Client provisioning, Resources, ISE posture agent settings, Change Operate on non-802.1X wireless to yes. This forces AnyConnect to always check for posturing regardless of 802.1x.

Usually that can be resolved by checking this value to “YES”. Either from ISE GUI or Manually on the affected client

 

 

Alternatively:
Check the posture assessment policies and rules in Cisco ISE and make sure that they are properly configured to detect and remediate non-compliant endpoints. This can be done by reviewing the posture assessment results in the Cisco ISE dashboard and checking the logs for any errors or warnings related to posture assessment.

 

If the issue persists, it may be helpful to contact Cisco technical support for further assistance and troubleshooting. They can provide more specific guidance and recommendations based on the specific configuration and environment.

 

 

-------------------------------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about ISE through our live Ask the Experts (ATXs) session. Check out Cisco ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-endpoint-security-ask-the-experts-resources/ta-p/4394492] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-------------------------------------------------------------

 

 

 

Regards,
Divya Jain

View solution in original post

6 Replies 6

Go to solution
Divya Jain
Cisco Employee
Cisco Employee

‎03-31-2023 01:54 AM

Hi,
 

ISE - Under Policy, Client provisioning, Resources, ISE posture agent settings, Change Operate on non-802.1X wireless to yes. This forces AnyConnect to always check for posturing regardless of 802.1x.

Usually that can be resolved by checking this value to “YES”. Either from ISE GUI or Manually on the affected client

 

 

Alternatively:
Check the posture assessment policies and rules in Cisco ISE and make sure that they are properly configured to detect and remediate non-compliant endpoints. This can be done by reviewing the posture assessment results in the Cisco ISE dashboard and checking the logs for any errors or warnings related to posture assessment.

 

If the issue persists, it may be helpful to contact Cisco technical support for further assistance and troubleshooting. They can provide more specific guidance and recommendations based on the specific configuration and environment.

 

 

-------------------------------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about ISE through our live Ask the Experts (ATXs) session. Check out Cisco ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-endpoint-security-ask-the-experts-resources/ta-p/4394492] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-------------------------------------------------------------

 

 

 

Regards,
Divya Jain

Go to solution
Gh0$t
Level 1
Level 1

‎03-31-2023 01:58 AM

Hello Divya,

Thanks for the response.

 

But now I am facing the new issue with it.

 

It is showing the issue with Java.

Gh0t_0-1680253064629.png

 



0 Helpful

Go to solution
Divya Jain
Cisco Employee
Cisco Employee
In response to Gh0$t

‎04-03-2023 04:39 AM

Hi,
This needs latest Java ( plugin) version as per the error. Make sure you have it installed and are on the latest version. 


Reagrds,

Divya Jain

0 Helpful

Go to solution
anand-hongal
Level 1
Level 1
In response to Gh0$t

‎06-13-2024 01:50 AM

Hi,

 

i am seeing the same error message on brand new windows 11 systems. this error shows up after the ISE upgrade.

the java update did not help, can you suggest.

0 Helpful

Go to solution
Gh0$t
Level 1
Level 1

‎04-03-2023 04:49 AM

Hello,

I even tried after installing but it did't work and got the same error again.

0 Helpful

Go to solution
Divya Jain
Cisco Employee
Cisco Employee
In response to Gh0$t

‎04-11-2023 03:35 AM

Hi,
Did you try doing it on some other system?

if the error is still there, did you check with TAC?


Regards,
Divya Jain

0 Helpful
Customers Also Viewed These Support Documents