Just wondering if there is a detailed guide/document for deploying VPN access (AnyConnect) with ISE, similar to the prescriptive deployment guides for wired/wireless/BYOD etc.?
This is the only document I could find so far - https://community.cisco.com/t5/security-documents/how-to-configure-posture-with-anyconnect-compliance-module-and/ta-p/3647768#toc-hId-837352845 -
but it doesn't show the group-policy config on ISE or how to match tunnel-group conditions. I'm looking for something more thorough.
Very well put. I have asked our experts to step in as well and see if they have other resources.
Hi Francesco, thanks for the doc.
Just curious, are you trying to create a posture policy based on the connection profile/tunnel-group and group-policy on the ASA, similar to the way we do it today with Host Scan and Dynamic Access Policies (DAP)? Unless something has changed on ISE, this is not possible, as we don't pass this along as part of the ACIDEX exchange. You could, however, use RADIUS IETF 25 and put the users in the ASA group-policy you wish during authentication/authorization to ISE from the ASA.
Best regards
Paul
AnyConnect TME
No, was just looking for a deployment guide that's recent and updated with AnyConnect VPN and ISE.