I have an ISE working with Any Connect and Nac Aggent, this is a new implementation and while doing some tests I discovered that for some users the Posture Redirect is not working properly.
This is a Wireless implementation, the users get connected to the corp. SSID (forced by the any connect), after acquiring IP address Nac Agent shows up and check that the users have win 7 enterprise and trend micro AV, if all requirements are ok, a new auth profile will be applied with an dACL.
The ISE and WLC config seems to be working fine (cause from about 20 users, 15 are working perfectly) the problem comes with some users that at some point Posture Redirect stops working. When they star Windows, the Agent pops up and posture works fine, even after making some Network Repairs it still working fine, but if clients get disconnected by some reason (like moving tru floors or taking the elevator) when he tries to connect again, Nac Agent never shows up.
During the problem under Operations > Authenticatios I see the user as Compliant Unknow (it should change to compliant or not compliant, but not). I also see the client gets the Posture-Redirect ACL and the Redirect URL, so I really can’t figure out what’s happening other those machines (cause others are working fine).
All machines are same model (DELL Latitude) with Win 7 Enterprise and the installed programs are almost the same. I think it’s a problem with the Nac but why and how can I fix-it.
I’m adding info form the client while the problem is presented and while the problem is not presented.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :