Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14800
Views
0
Helpful
0
Replies

AnyConnect 4.5.04029 posture module behaviour

devvv85
Level 1
Level 1

‎06-08-2018 12:20 AM

Hi,

I am deploying AnyConnect 4.5.04029 at customer location for posturing. My query is:

Even though I disable the posture Authz policies that would contain Web redirection, the posture module runs and scans the system. So, for example, if I have a policy that says "dot1x" then "permit access" and if I have the posture module, it still runs the scan which is not expected behaviour, because there is no Web redirection enabled at all

Steps performed:

1) Disable client provisioning policy - If I do this, then on posture module I get message "Bypassing AnyConnect Scan. Your network is configured to use Cisco NAC Agent". Ideally it should be "Policy Server not detected. Default network access is in effect"

2) As soon as I enable client provisioning policy, it goes for posture and sends report as well.

3) I also observed that when it runs the scan without web redirection AuthZ profile, it does not honor Audit mode as well. If machine is non-compliant, remediation is attempted in spite of posture being in audit mode

4) It is observed for both wired and wireless

Worked with TAC and as per TAC, it is expected behaviour beginning with ISE 2.2. I do not see this behaviour mentioned anywhere by Cisco.

Would appreciate if anyone can share their thoughts. Thank you!

1 person had this problem
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents