03-28-2022 04:06 AM
Hi,
My customer has a setup where the environment is using Forcepoint StoneSoft Client VPN for their remote access VPN. In this scenario, the customer wants to enforce posturing and client provisioning with AnyConnect but using StoneSoft Client for remote VPN access.
I tried to find any support for ISE posturing with third-party VPN clients, but I found nothing. Does anyone have any idea how to do this?
I would appreciate any help on how to deploy the posturing for this scenario.
Thank you in advance
03-28-2022 05:16 AM
I tried to find any support for ISE posturing with third-party VPN clients, but I found nothing. Does anyone have any idea how to do this?
-AFAIK this will not work. For posture assessment you need the ability to support RADIUS change of authorization (CoA) so clients can move from unknown to compliant/noncompliant based on your RADIUS/posture policies in ISE. This means that the VPN headend must support dynamic authorization.
the customer wants to enforce posturing and client provisioning with AnyConnect but using StoneSoft Client for remote VPN access.
-In order to run other AnyConnect modules the base Secure Mobility Client must be installed. Are you unable to fully migrate the VPN solution to an RAVPN that supports AnyConnect?
03-28-2022 05:36 AM
Hello @Mike.Cifelli
The customer cannot fully migrate to an RA VPN that supports AnyConnect; they already have a Forcepoint FW as the VPN concentrator.
I want to know: is it possible to install AnyConnect for posture assessment and StoneSoft Client for VPN access on the same PC, so that once the user tries to connect via the StoneSoft VPN Client, AnyConnect will first check the posture on the user's PC?
03-29-2022 07:36 AM
As alluded to before, a key component in ISE posturing is CoA (change of authz). You need to determine if the vendor for the VPN headend supports RADIUS CoA. There are several other components required for the workflow to work. I would start with verifying the CoA support to see if it's even possible, and also take a look at this as it should help further: ISE Posture Prescriptive Deployment Guide - Cisco Community
HTH!
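For anyone verifying CoA support on a headend, the following is an added example, not code from this thread, from Cisco or from Forcepoint: it builds an RFC 5176 CoA-Request and classifies the headend's reply offline. The function names, the shared secret and the sample reply are constructed for illustration, and treating a NAK with Error-Cause 503 as evidence of CoA support is this example's interpretation.

```python
import hashlib, hmac, struct
# RFC 5176 dynamic-authorization codes; the NAS listens on UDP 3799 by default.
COA_REQUEST, COA_ACK, COA_NAK = 43, 44, 45
USER_NAME, ERROR_CAUSE = 1, 101
ERROR_CAUSES = {406: "Unsupported Extension", 503: "Session Context Not Found"}

def attr(attr_type, value):  # one RADIUS attribute: type, length, value
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def packet(code, ident, seed_auth, attrs, secret):
    """Authenticator = MD5(code+id+length + seed + attributes + secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + seed_auth + attrs + secret).digest() + attrs

def build_coa_request(ident, attrs, secret):
    # Requests are seeded with 16 zero octets (RFC 5176 section 2.3).
    return packet(COA_REQUEST, ident, bytes(16), attrs, secret)

def build_reply(code, request, attrs, secret):
    # Replies are seeded with the Request Authenticator; used for sample data.
    return packet(code, request[1], request[4:20], attrs, secret)

def classify_reply(reply, request, secret):
    """Return (verdict, error_cause_name) for a reply to `request`."""
    if len(reply) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        raise ValueError("length or identifier mismatch")
    want = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(want, reply[4:20]):
        raise ValueError("bad Response Authenticator (wrong shared secret?)")
    cause, pos = None, 20
    while pos + 2 <= length:                      # walk the TLV attributes
        a_type, a_len = reply[pos], reply[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        if a_type == ERROR_CAUSE and a_len == 6:
            cause = struct.unpack("!I", reply[pos + 2:pos + 6])[0]
        pos += a_len
    if code not in (COA_ACK, COA_NAK):
        raise ValueError("unexpected RADIUS code %d" % code)
    # A NAK with 503 means the headend parsed the CoA but knows no such session.
    ok = code == COA_ACK or cause == 503
    return ("coa-supported" if ok else "coa-rejected"), ERROR_CAUSES.get(cause)

SECRET = b"constructed-secret"                    # constructed sample values
REQ = build_coa_request(7, attr(USER_NAME, b"alice"), SECRET)
NAK = build_reply(COA_NAK, REQ, attr(ERROR_CAUSE, struct.pack("!I", 503)), SECRET)
```

No reply at all to a request sent to the headend's dynamic-authorization port is ambiguous: RADIUS silently discards packets with a wrong secret, so confirm the secret and firewall path before concluding CoA is unsupported.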