I have a customer using the latest Anyconnect client on their endpoints connecting to an ASA. They have ISE deployed, and want to ensure that posture checking happens prior to the endpoint gaining access to the network. I believe this is the default behavior, but I can't find any documentation that specifically calls this out. I see lots of guides on configuring ISE posture as well as ASA HostScan, but none that say "the VPN will not be established until posturing/remediation is successful" or something similar.
I'm not as familiar with posture as I'd like to be, so pardon me if I'm asking an ignorant question, or phrasing it badly.
Thanks for any assistance!