- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-09-2018 10:05 PM
Can we check client's DNS and proxy settings with NAC agent or Anyconnect, and decide to allow the client if these settings are configured as compliant to corporate policy? If not, redirect to a page which says uncompliant DNS and proxy settings are being used.
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-10-2018 04:16 AM
You might be able to do this with a registry check, you would have to validate this in a lab setup
Upon failure you could then throw up a remediation message with AnyConnect telling them they are blocked because of this
You can redirect them on non compliance to an manual noted html page in ISE 2.2 and higher stating they are non compliant however there is no way in authorization rules to say if you fail posture rule x then redirect to html page x for message x

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-10-2018 04:16 AM
You might be able to do this with a registry check, you would have to validate this in a lab setup
Upon failure you could then throw up a remediation message with AnyConnect telling them they are blocked because of this
You can redirect them on non compliance to an manual noted html page in ISE 2.2 and higher stating they are non compliant however there is no way in authorization rules to say if you fail posture rule x then redirect to html page x for message x
