We have been tasked with a challenge of having ISE Posture (web agent) work on a client machine when connecting securely with a Clientless SSL VPN (browser), i know without an ip assigned to a client it would not be possible, but if anyone has pulled out some tricks on this one to make it work, kindly share the experience.
I do not think it is supported.
Posturing is only supported with Anyconnect on ISE:
Please rate helpful and mark correct answers
Thank you for your responses, customer is a little reluctant about it not being mentioned anywhere on Cisco's documentation, if it is mentioned anywhere kindly share the document as i am not able to find one.
Cisco seldom lists all of the things that aren't supported as that list could be quite lengthy and will never be complete.
I'd point to the Admin Guide section on posture:
It states in part:
Clients interact with the posture service through the AnyConnect ISE Posture Agent or Network Admission Control (NAC) Agent on the endpoint...
That last clause is key. In clientless we do not, by definition, load any software to the endpoint
I agree with Aditya - it's not only unsupported, I don't believe it can be done. The clientless endpoint cannot be assessed by the ISE temporal (web) agent.