Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi, I have a Firepower in ASA mode (9.14) for anyconnect VPN and cisco ISE for posture (Apex license). I am trying to find if there is an option to force the VPN session to disconnect if the posture is not compliant. For the moment when the PC is not...
Hi, I'm creating a new ISE 2.6 distributed deployment. Now I'm trying to understand what I need to configure in order for the PSN to send their logs to the MNT.I want to use another interface than the Gi0 for that trafic.Do I need to configure a remo...
Hi, I'm trying to find how to change the default folder for Anyconnect profiles to something else than the folder inside %ProgramData%.Is it possible to put the .xml profile config and the ISEpostureCFG.xml in C:\Program Files (x86)\ or maybe elsewh...
Hi, I have configured ASA VPN with anyconnect and posture with ISE.The anyconnect client and config will be preinstall on PC (no self download or install with msi) I am confused with the different package and profiles that must be upload on ISE and A...
Hi, The documentation specifies that we can backup PAN and MNT. The backup should contains "both application-specific and Cisco ADE operating system configuration data." - Does this backup includes the config done during the wizard after booting the ...
Hi, The Session-Timeout is not taken into account by the ASA, I don't see the max session value changed after receiving the COA.The DACL is received on the other hand.I'll try to push a whole group-policy with a short max session timeout. Best regard...
Hi, I tried the access-reject option, but this triggers an error on the anyconnect side, something like unknown interruption error : general error.I've also contacted TAC for this and they responded that it is impossible to disconnect the tunnel if t...
Hi, We check for specific running process on corporate computers. If the process is not running it means that the client corporate computer is not configured properly or have a big problem (they would have to call the IT support and maybe bring their...
Hi, So only the anyconnect package is mandatory in the ASA disk. No need to upload the compliance module and the xml profiles (already uploaded in ISE) ? If I want to upgrade anyconnect, do I only need to update the client provisioning on ISE (keep t...
