Clientless SSL VPN and ISE posture without AnyConnect

Arjun Kumar
Level 1

Dear all,

We have been tasked with the challenge of having ISE Posture (web agent) work on a client machine when connecting securely with a Clientless SSL VPN (browser). I know that without an IP assigned to a client it would not be possible, but if anyone has pulled out some tricks on this one to make it work, kindly share the experience.

T&R

5 Replies

Aditya Ganjoo
Cisco Employee

Hi Arjun,

I do not think it is supported.

Posturing is only supported with AnyConnect on ISE:

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117693-configure-ASA-00.html

Regards,

Aditya

Please rate helpful and mark correct answers

Thank you for your responses. The customer is a little reluctant about it not being mentioned anywhere in Cisco's documentation; if it is mentioned anywhere, kindly share the document, as I am not able to find one.

Cisco seldom lists all of the things that aren't supported, as that list could be quite lengthy and will never be complete.

I'd point to the Admin Guide section on posture:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010111.html

It states in part:

Clients interact with the posture service through the AnyConnect ISE Posture Agent or Network Admission Control (NAC) Agent on the endpoint...

That last clause is key. In clientless we do not, by definition, load any software to the endpoint.

Thank you Marvin, I will try to explain the same to the customer, fingers crossed*

Marvin Rhoads
Hall of Fame

I agree with Aditya - it's not only unsupported, I don't believe it can be done. The clientless endpoint cannot be assessed by the ISE temporal (web) agent. 
