01-21-2017 10:04 AM - edited 03-11-2019 12:23 AM
hi
i am trying to setup posture on ISE version 2, but when I'm uploading anyconnect package in Resources, It gives me an error that "XML descriptor file missing in zip file". I was wondered if anyone has been faced with this error. and if so, how can i fix it. thanks
Solved! Go to Solution.
01-22-2017 06:15 AM
You have to use the latest Anyconnect 4.x version of the client to do this. The 2.x version of client does not have the posture module as a part of the package. Also, it is preferable to use ASA 9.2 or above versions of the ASA to support Change of Authorization (CoA). Here is an example:
http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117693-configure-ASA-00.html
01-21-2017 04:08 PM
Can you paste the name of the package file you uploaded on ISE? Also, what are you trying to do with Posture? Are you trying to use Client provisioning to push the ISE posture module to the users?
01-22-2017 01:17 AM
thanks for your reply. The file name is "anyconnect-win-2.4.0202-k9.pkg". actually I'm trying to setup posture for the users who connect to my local network with Anyconnect VPN Client and apply some policies to them.
01-22-2017 06:15 AM
You have to use the latest Anyconnect 4.x version of the client to do this. The 2.x version of client does not have the posture module as a part of the package. Also, it is preferable to use ASA 9.2 or above versions of the ASA to support Change of Authorization (CoA). Here is an example:
http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117693-configure-ASA-00.html
01-22-2017 06:53 AM
thanks a lot. I uploaded version 4 (as you said), and it worked. The problem was with my knowledge about features of every version. again thanks.
02-22-2017 12:20 AM
I have tried All these but I got no where. I just need to see posture pop up from anyconnect. here is my configuration:
1. I have uploaded "anyconnect-win-4.3.00748-k9" on my asa.
2. I have Installed "anyconnect-win-4.3.02039-pre-deploy-k9.msi" on my computer.
3. I have uploaded "anyconnect-win-4.3.00748-k9" on my ISE.
4. I have Uploaded "AnyConnectComplianceModuleWindows 3.6.11017.2" on my ISE.
5. I have configured "anyconnect profile" with "*" in "server name rule" field.
6. I have configured "anyconnect config" with both anyconnect and compliance and "ISE Posture" checked and configured profile in it.
7. configuring a client provisioning rule.
but when i try to connect to a remote VPN, I just get connected message and there is no sign of posture checking.(I don't need to check any rule).I'm aware that I have not configured the Authentication and Authorization Rules, but the posture process should start anyway, right?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide