cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1196
Views
5
Helpful
3
Replies

New AnyConnect NAM Profile from ISE to client

carlo.vos
Level 1
Level 1

Hi,

I'm in the middle of implementing Cisco ISE into a network. After some users connected via Dot1x and had installed AnyConnect, wich I configured for Client Provisioning, they came to me with the question if the most used wireless networks could be automatically pushed with the AnyConnect Profile. Sure thing, I said, and I changed the NAM Profile.

Next it all goes well for new connecting users, but the users who already connected don't get the updated profile. Is there any way to push an AnyConnect Profile, or new configuration, from Cisco ISE?

Greetings,

Carlo

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

That's a good question.

I'm not sure if it's the most efficient or only way; but couldn't you force the pre-existing users to go back through Client Provisioning by adding a Posture Policy to evaluate the NAM profile?

View solution in original post

3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

That's a good question.

I'm not sure if it's the most efficient or only way; but couldn't you force the pre-existing users to go back through Client Provisioning by adding a Posture Policy to evaluate the NAM profile?

Sorry for my late response, I've been a bit busy this week.

I think you are right, I haven't seen any other way to update the NAM profile except manually copying the profile to the NAM folder and run a network repair.

Thank you.

Doesn't ISE always check it the user is using the current profile? I thought yes...

If not, an user can change his profile to have access to options that shouldn't have.
For example, I have two provisioning policies. One for users that are allowed to have access to others networks, and other profile for users that can connect only on the corporate network. The provisioning policies are base on AD groups.

How could I ensure that users are using the right profile?
The only option is using a Posture Policy? Do you have an example of that?

Thank you all.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: