Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
381
Views
0
Helpful
2
Replies

ACS CTA(anyconnect) on laptop

Earl Granger IV
Level 1
Level 1

‎12-17-2013 02:17 PM - edited ‎03-10-2019 09:11 PM

Hey guys and gals,

I need to confirm something.  I am new to this but in my current environment we use Cisco anyconnect for posture checking and its using the CTA portion of anyconnect.  I want the laptop to pass a posture check without using the CTA.  If I add a posture policy to my ACS to look for a file or any registry key would I be able to authenticate on the network without CTA?  I would keep CTA in place but I just want to add an addition to the posture policy.  Please let me know. 

Thanks

Labels:
0 Helpful
2 Replies 2

Tarik Admani
VIP Alumni
VIP Alumni

‎12-17-2013 09:19 PM

Wow,

You are going way back! You are using the old nac framework where the CTA is used to relay the tokens/health status of the client. You need CTA since that is client that reports back to ACS on the posture status and if you meet the policy.

See step 4 in the posture validation section on the link below.

http://www.cisco.com/en/US/docs/security/cta/2.1.103.0_supplicant/admin_guide/ctaOver.html

thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful

Earl Granger IV
Level 1
Level 1
In response to Tarik Admani

‎12-18-2013 06:33 AM

Does that have anything to do with the Network Polices because they show as not active.  Only laptops that are joined to the domain is allowed on the network.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents