Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
782
Views
1
Helpful
9
Replies

New Provisioning policies with no download from ISE

TVmaster
Level 1
Level 1

‎10-23-2024 10:41 AM

Hi fellows 

we have a situation in my end of suport ISE 2.7 . we are in a migration from 2.7 to 3.2 , but our provisioning policies are old in 2.7 , and complicance module and anyconnect versions are also...

i would like to migrate to 3.2 without having to force a download this new compliance module and new anyconnect version to the machines , because we will have a lot of work with windows GPO ,that block instalations and updates from certain softwares.. and we would like to do this manualy inside our organization...

is it possible to configure provisioning policies with new packages in my new ISE , without force our user to download this new recourses? without "defer" option , because is prompted to the user...

i tried to do this , and when a user tries do posture , client tries to downlod "compliance module" and "anyconnect new version" and because we have a GPO , a error occur in anyconnect because this update is blocked.

i remember in older ISE versions , a option called "is upgrade mandatory?", but in new versions .. i cant found this option.

0 Helpful
9 Replies 9

Aref Alsouqi
VIP
VIP

‎10-24-2024 01:34 AM

I didn't come across this specific scenario but how about if you import the old packages into ISE 3.2 and reference them in the posture assessment and client provisioning policies?

0 Helpful

TVmaster
Level 1
Level 1
In response to Aref Alsouqi

‎10-24-2024 05:24 AM

Aref .. this old packages are not  available anymore in download section in Cisco

ahollifield
VIP
VIP
In response to TVmaster

‎10-24-2024 05:34 AM

What is your upgrade strategy for ISE? They are included in the ISE configuration database.
0 Helpful

ahollifield
VIP
VIP

‎10-24-2024 05:11 AM

Is the plan eventually for a migration to 3.3?  

You should not upgrade with EOL compliance module or AnyConnect versions as those may not have been validated on more modern versions of windows.  I would do the upgrade to Secure Client with your package management utility first. 

https://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/anyconnect-secure-mobility-client-v4x-eol.html

0 Helpful

TVmaster
Level 1
Level 1
In response to ahollifield

‎10-24-2024 05:37 AM

Ahollifield , yes yes , is the plan , but not for now.. and we would like to avoid some problems in this moment

 

 

0 Helpful

ahollifield
VIP
VIP
In response to TVmaster

‎10-24-2024 05:46 AM

Problems like what? I would just upgrade ISE in place then or use backup/restore method. Then ASAP start the upgrades for Secure Client using your package management utility.
0 Helpful

TVmaster
Level 1
Level 1
In response to ahollifield

‎10-25-2024 03:31 PM

we have old and new machines in the envi...

is it not possible to disable  this automatic update by provisioning policies from ise? 

0 Helpful

ahollifield
VIP
VIP
In response to TVmaster

‎10-28-2024 04:55 AM

Not for the compliance module no.  I'm not sure what you are asking though?  What do you mean?

0 Helpful

Aref Alsouqi
VIP
VIP
In response to ahollifield

‎10-28-2024 07:49 AM

I think @TVmaster is after disabling the upgrade/update prompt of AnyConnect/Secure Client posture module on the endpoints. Not sure but I think if you disable the client provisioning portal that might be the fix?

0 Helpful
Customers Also Viewed These Support Documents