Solved: Posture periodic reassessment (PRA) query

dngore · ‎06-20-2018

Hi,

I just want to confirm my understanding that Anyconnect agent do posture verification at PRA interval without applying unknown/non-compliant posture profile having restricted access(DACL).

User will have full production access while carrying out periodic posture reassessment or verification. And he will get remediated if posture is non-compliant.

Is my understanding correct?

Regards,

D.M.Gore

Jason Kunst · ‎06-21-2018

Yes

View solution in original post

Jason Kunst · ‎06-21-2018

Yes

dngore · ‎06-25-2018

Thx for confirmation.

We also observed that non-compliant posture profile does not get applied not only during verification but also at remediation window. User has production access during remediation window. Non-compliant posture profile gets applied only after he is not able to remediate within remediation window.

Is there any setting that will invoke posture verification after system declared as non-compliant. Reason we are asking is that, customer will remediate non-compliant system. But there is no method that ISE again do posture verification and allow production access to that remediated system.

Jason Kunst · ‎06-27-2018

in anyconnect 4.6 there is a rescan function, before that release user would have to unplug or disconnect wireless and reconnect

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect46/release/notes/b_Release_Notes_AnyConne…

Posture Rescan—AnyConnect users now have the option to manually restart posture at any point of time.