02-24-2018 01:50 AM - edited 02-21-2020 10:46 AM
Hi, folks.
Is there a possibility for the AnyConnect NAC/Posture module to check for a particular network it is connected to ??
Here is the situation and what I am trying to achieve:
This process runs fine when connected to the company LAN, the point is, it also runs, when the client is connected to a DIFFERENT/NON-COMPANY network, in which there is no NAC/ISE at all !!!
Is there a config option somewhere to make the NAC agent on the client check, which network it is connected to (company owned or foreign) and based on that result, either run or skip the whole NAC process ???
Grateful for any clues
Rgs
Frank
02-26-2018 04:00 PM
Hi
Normally if you configured your profile with discovery host, when users are out of your network, the posture should fall but they can get access to the network.
There's no option to say to not perform posture. The posture is always there but have an impact only on your protected network.
Out of your office, they can connect anywhere else even if the posture fails
02-28-2018 05:36 PM
02-28-2018 11:47 PM
03-01-2018 05:11 AM
03-01-2018 05:15 AM
In addition of what Rahul said for stealth mode, you have some posture check not available in that mode.
I've implemented it once and rollback right away to normal mode because of user experience.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide