The goal is to generate endpoint from cisco ise

zacht5476 · ‎09-24-2025

I'm running a testing environment, and i came across a problem i can't use any authentication protocols (radius/tacacs), however is there a way to use anyconnect as a agent without VPN feature to generate endpoints?

ammahend · ‎09-24-2025

if you are asking if you can program anyconnect (now called Cisco Secure client) to send data directly to ISE for building database of endpoints, then I don't think you can do that.

You can send Cisco AnyConnect telemetry to Cisco Secure Endpoint (formerly AMP for Endpoints), and then Cisco Secure Endpoint can share some of that data with ISE via pxGrid, but there may be limitation to what kind of data is supported, I haven't tried it myself.

-hope this helps-

Arne Bier · ‎09-24-2025

Hi @zacht5476

Not sure I fully understand what you're after - but if you're in a test/lab environment, and you want to generate some synthetic RADIUS requests to your ISE node, then you can certainly do that. I use radclient and wpa_supplicant to send MAB/PAP/802.1X requests from my linux host to ISE.

Rapid prototyping ISE Policies without any real networking hardware - Cisco Community

Rapid prototyping ISE Policies without any real networking hardware (part 2) - Cisco Community

Rapid prototyping ISE Policies without any real networking hardware (part 3) - Cisco Community

ahollifield · ‎09-24-2025

What exactly are you asking? ACIDEX is a thing but it requires VPN.

I think you are asking for EasyConnect + Posture maybe? No one should really be deploying EasyConnect in 2025. Why not use 802.1X with EAP-TLS?