Posture validation in SOHO - Extended wireless from corporate
I have a customer moving from a Cisco NAC-based solution to Cisco ISE. NAC should be provided to wireless and the SOHO users (wireless). We implemented an Airespace ACL on the Cisco ISE, which will push the ACL to the wireless APs (FlexConnect ACL) based on the posture validation. If the posture validation fails, an ACL specific to a particular endpoint will be pushed to the AP.
However, the same Airespace ACL is not working on the VPN routers (800 series). The VPN routers' integrated wireless solution doesn't understand the Airespace ACL av-pair, and I don't think we can configure FlexConnect ACLs on the SOHO routers. Can you think of any other idea where we can enforce the ACL based on the posture validation? A downloadable ACL works on an interface. I don't think it can be enforced on a per-user basis.
Is there any way to push the ACL, do posture validation, and remediate the endpoint with limited access?
Pardon me for my Gmail account. I haven't received the BT ID yet.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...