cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
582
Views
10
Helpful
5
Replies
Beginner

Clientless SSL VPN and ISE posture without Anyconnect.

Dear all,

We have been tasked with a challenge of having ISE Posture (web agent) work on a client machine when connecting securely with a Clientless SSL VPN (browser), i know without an ip assigned to a client it would not be possible, but if anyone has pulled out some tricks on this one to make it work, kindly share the experience.

T&R

5 REPLIES 5
Cisco Employee

Hi Arjun,

Hi Arjun,

I do not think it is supported.

Posturing is only supported with Anyconnect on ISE:

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117693-configure-ASA-00.html

Regards,

Aditya

Please rate helpful and mark correct answers

Beginner

Thank you for your responses,

Thank you for your responses, customer is a little reluctant about it not being mentioned anywhere on Cisco's documentation, if it is mentioned anywhere kindly share the document as i am not able to find one. 

Hall of Fame Master

Cisco seldom lists all of the

Cisco seldom lists all of the things that aren't supported as that list could be quite  lengthy and will never be complete. 

I'd point to the Admin Guide section on posture:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010111.html

It states in part:

Clients interact with the posture service through the AnyConnect ISE Posture Agent or Network Admission Control (NAC) Agent on the endpoint...

That last clause is key. In clientless we do not, by definition, load any software to the endpoint  

Highlighted
Beginner

Thank you Marvin, i will try

Thank you Marvin, i will try to explain the same to the customer, fingers crossed*

Hall of Fame Master

I agree with Aditya - it's

I agree with Aditya - it's not only unsupported, I don't believe it can be done. The clientless endpoint cannot be assessed by the ISE temporal (web) agent.