Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1775
Views
5
Helpful
5
Replies

Posturing with ISE with "xml descriptor missing file" ERROR

Go to solution
mesarasimth1
Level 1
Level 1

‎01-21-2017 10:04 AM - edited ‎03-11-2019 12:23 AM

hi

i am trying to setup posture on ISE version 2, but when I'm uploading anyconnect package in Resources, It gives me an error that "XML descriptor file missing in zip file". I was wondered if anyone has been faced with this error. and if so, how can i fix it. thanks

3 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni
In response to mesarasimth1

‎01-22-2017 06:15 AM

You have to use the latest Anyconnect 4.x version of the client to do this. The 2.x version of client does not have the posture module as a part of the package. Also, it is preferable to use ASA 9.2 or above versions of the ASA to support Change of Authorization (CoA). Here is an example:

http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117693-configure-ASA-00.html

View solution in original post

5 Replies 5

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎01-21-2017 04:08 PM

Can you paste the name of the package file you uploaded on ISE? Also, what are you trying to do with Posture? Are you trying to use Client provisioning to push the ISE posture module to the users?

0 Helpful

Go to solution
mesarasimth1
Level 1
Level 1
In response to Rahul Govindan

‎01-22-2017 01:17 AM

thanks for your reply. The file name is "anyconnect-win-2.4.0202-k9.pkg". actually I'm trying to setup posture for the users who connect to my local network with Anyconnect VPN Client and apply some policies to them.

0 Helpful

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni
In response to mesarasimth1

‎01-22-2017 06:15 AM

You have to use the latest Anyconnect 4.x version of the client to do this. The 2.x version of client does not have the posture module as a part of the package. Also, it is preferable to use ASA 9.2 or above versions of the ASA to support Change of Authorization (CoA). Here is an example:

http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117693-configure-ASA-00.html

Go to solution
mesarasimth1
Level 1
Level 1
In response to Rahul Govindan

‎01-22-2017 06:53 AM

thanks a lot. I uploaded version 4 (as you said), and it worked. The problem was with my knowledge about features of every version. again thanks.

0 Helpful

Go to solution
mesarasimth1
Level 1
Level 1
In response to Rahul Govindan

‎02-22-2017 12:20 AM

I have tried All these but I got no where. I just need to see posture pop up from anyconnect. here is my configuration:

1. I have uploaded "anyconnect-win-4.3.00748-k9" on my asa.

2. I have Installed "anyconnect-win-4.3.02039-pre-deploy-k9.msi" on my computer.

3. I have uploaded  "anyconnect-win-4.3.00748-k9" on my ISE.

4. I have Uploaded "AnyConnectComplianceModuleWindows 3.6.11017.2" on my ISE.

5. I have configured "anyconnect profile" with "*" in "server name rule" field.

6. I have configured "anyconnect config" with both anyconnect and compliance and "ISE Posture" checked and configured profile in it.

7. configuring a client provisioning rule.

but when i try to connect to a remote VPN, I just get connected message and there is no sign of posture checking.(I don't need to check any rule).I'm aware that I have not configured the Authentication and Authorization Rules, but the posture process should start anyway, right?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents