03-18-2020 08:58 AM
Hi
I want to Implement a Posture in my lab, I have ISE server and VMs machines.
for Posture Use case, I have to do Client Provisioning and i have to do the following. kindly guide me if something can be skipped, because I dont have internet connectivity in LAB and it is a remote LAB and internet connectivity is big challenge for me.
1. In Client provisioning I have to download compliance module from cisco site through ISE. can we download it from somewhere else and then I can upload it on ISE from local disk ?
2. I have to upload webdeoploy package : its done and uploaded from local disk on ISE.
3. I have to create NAM profile. from where I can install this NAM and where i can install it (on end point or from any machine to make customize package, is it Mandatory to make customize package or we can skip it.
4. I have to configure native profile.
5. I have to configure Any connect configuration, in which i will map NAM profile, package file and compliance module file.
6. I have to configure posture module.
Big Question: can i implement Posture without internet connectivity in the network.
Thanks
Garry
03-18-2020 10:09 AM
Hi,
Speaking strictly about posture:
1/2. Download anyconnect client and compliance module
3. NAM module of AnyConnect is not required for posture
4. Not sure what you mean by native profile, maybe you mean native supplicant profile or what?
5. No NAM for posture
6. You mean posture policy
You can deploy posture and profiling and everything without Internet connectivity for ISE, but you would have for example to manually import posture updates, profiling updates (if you use profiling).
Use these guidelines for Posture, Profiling and 802.1x:
https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456
Regards,
Cristian Matei.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide