Greetings all and thx in advance for any advice! Environment details - ISE 1.2. Patch 5 and cisco NAC agent 4.9.3.
I have all of the authen/authz policies working and functioning properly, however, I have run into an issue with the NAC agent running posture only after user login. This is causing some grief, mainly that users required login scripts can't run successfully until posture is compliant and the more permissive dACL is applied. I was hoping that posture would complete long before windows login was even an option for the user but for some reason I appear to require an interactive login to get the NAC agent to run posturing. Any thoughts or ideas on this? I tried the NAC agent installation with a couple of different user accounts on the windows hosts but without success, it will only posture once I have interactive login. I went pretty deep on the removal of the posture conditions to simply checking a single windows service but it didn't make any difference. Thanks for any advice!!
Thanks for the reply Saurav, I should have clarified a design point. I am not doing any user authentication, only doing a machine authen. As I mentioned I can't seem to posture pre-user authentication even though I am not doing any user authentication.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :