Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
819
Views
0
Helpful
4
Replies

Quick question about Posture on multiple connections

Go to solution
Joey Muniz
Cisco Employee
Cisco Employee

‎09-29-2017 10:48 AM

A customer wants to know if they can connect the same computer to perform posture on more than one connection (LAN and wireless at the same time). Typically, I’m asked for the opposite as customers don’t want wireless and LAN to be connected at the same time. In this case, the customer wants both as well as both connections checked with posture. Is this possible? I didn’t think so

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to kthiruve

‎09-29-2017 01:38 PM

I believe there’s a problem as AnyConnect will only posture out one interface at a time depending on how the OS is preferring the NICs

If it prefers wired and you plug in, it will posture wired and wireless if not postured will sit in a state of unknown as AnyConnect won’t communicate

If you connect wireless and posture then Connect wired then it will posture again, now both nics should be postured state

If you have PRA enabled then it will fail on wireless since there is no communication

You will want to make sure that your posture lease is enabled so that you only have to posture 1x a day on each connection if preferred

Best scenario is to limit to one interface at a time using AnyConnect NAM (windows only)

Remember licensing is per active connection (Mac address), having 2 nics connected will result in each machine consuming 2 licenses

View solution in original post

0 Helpful
4 Replies 4

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎09-29-2017 01:15 PM

The NIC connections IP’s and MAC’s are different and posture will happen again. This is the normal behavior.

-Krishnan

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to kthiruve

‎09-29-2017 01:38 PM

I believe there’s a problem as AnyConnect will only posture out one interface at a time depending on how the OS is preferring the NICs

If it prefers wired and you plug in, it will posture wired and wireless if not postured will sit in a state of unknown as AnyConnect won’t communicate

If you connect wireless and posture then Connect wired then it will posture again, now both nics should be postured state

If you have PRA enabled then it will fail on wireless since there is no communication

You will want to make sure that your posture lease is enabled so that you only have to posture 1x a day on each connection if preferred

Best scenario is to limit to one interface at a time using AnyConnect NAM (windows only)

Remember licensing is per active connection (Mac address), having 2 nics connected will result in each machine consuming 2 licenses

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎10-02-2017 11:42 AM

I also am validating with our posture SME imbashir

0 Helpful

Go to solution
imbashir
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎10-02-2017 12:04 PM

In case posture lease is enabled, then ISE can track AC interfaces (using UDID) e.g. moving from Wired to Wireless or vice versa, would not trigger posture


Else, posture would be triggered at each connection time (wired, wireless or VPN)

Thanks

Imran

0 Helpful
Customers Also Viewed These Support Documents