posture rescan

adrianmadley
Level 1

Hello All

using ISE 2.2 - client = AnyConnect 4.6

getting ready to deploy posture checking:

when testing - forcing failures / successes - we were using a restart of the Cisco AnyConnect Secure Mobility ISE posture agent services, in order to repeat testing - get the host scanning again

As we're not expecting end users to do this - we used ISE Posture Profile Editor on the selected host and entered the recommended entry of

<EnableRescanButton>1</EnableRescanButton>

to the xml file

in order to perform a rescan .... this runs fine once! after which I believe the following is occurring -

the client has made contact with ISE - which enforces its configured setting in

AnyConnect Configuration > Profile Selection > * ISE posture setting

in the Posture Agent Profile Settings we have defined I cannot see a field to enforce rescan? ..... is this s/w version related / if so, is there a workaround - or have I just missed a trick here?

 

your continued support is greatly appreciated

 

Accepted Solution

ok ladies & gentlemen

please stand down ... as we've managed to work it out ...

Ironically we had tried this previously, however, not in the correct way .... due to restricted access of the testing client we couldn't copy the *iseposture*.xml off the host after editing - so we rudimentarily copied the .xml into Notepad++ and saved a .xml - tried to use that as a -

AnyConnect Configuration > AnyConnect Posture Agent Profile

when we did this the hash value was accepted ... however, we saw an error message when we tried to bind that to our posture agent profile (must have been because of the c'n'p - saving a txt as an .xml)

anyways - luckily the testing client could browse to the ISE - so we imported the /agent/ as a /customer created package/ from local disk - assigned this to our relevant /AnyConnect Posture Agent Profile/ and bingo -

the rescan button stays intact post ISE comms

thanks to all for looking / responding


3 Replies

Mike.Cifelli
VIP Alumni
Take a peek in ISE under Administration->System->Settings->Posture->Reassessments
Under here you can set up custom reassessment configurations and map them to certain groups.

Thanks Mike

took a look where you suggested

- however, the lowest interval on reassessment is 1hr in these settings? This period for a failed compliant / rescan is obviously too long for us

In our scenario - we wish to see if the client fails compliance - they can try again at the client's will - ideally using the rescan button (in POC we've been restarting the service - not an option for users)

please refer to attached as an overview of what we're experiencing
