We currently have Anyconnect with the ISE Posture Module installed. We are using this to posture devices on our wired network before granting network access. Our computers already have the software installed but not the ISEPostureCFG.XML which has the call home list of our ISE servers. Is there a way to force the clients to download that profile when first connecting? Again this is for devices uses 802.1x on our internal wired network, not VPN. Thanks
I did set this up but the policy doesn't download. The ISE Module just says no policy server detected. Then if I manually add the ISEPostureCFG.XML file it will then follow the config file rules (upgrade anyconnect version and update the profile)
I modified my example here. The real project I'm working on here is to allow a client to move from a network using one ISE server to another network with different ISE server. Without manually change the ISEPostureCFG.XML contiaining the different ISE call home servers the policy servers aren't detected.
with the posture redirect that would trigger the install of AC or to force the check-in, but I'm not sure on not needing the config different for each.
Does each site have it's own DNS? where you could set up a similar name pointing to the respective servers?