Home > Cisco > Interface > Cisco Ise 13 User Guide

Cisco Ise 13 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Ise 13 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 571

    Page 571 Add Customer Created Resources for AnyConnect from a Local Machine AddcustomercreatedresourceslikeAnyConnectcustomizationandlocalizationpackagesandAnyConnect profilesfromthelocalmachinetoCiscoISE. Before You Begin EnsurethatcustomercreatedresourcesforAnyConnectarezippedfilesandavailableinyourlocaldisk. Procedure Step 1ChoosePolicy>PolicyElements>Results>Clientprovisioning>Resources. Step 2ClickAdd. Step 3ChooseAgentResourcesfromlocaldisk. Step 4ChooseCustomerCreatedPackagesfromtheCategorydrop-down. Step... 
    Add Customer Created Resources for AnyConnect from a Local Machine
AddcustomercreatedresourceslikeAnyConnectcustomizationandlocalizationpackagesandAnyConnect
profilesfromthelocalmachinetoCiscoISE.
Before You Begin
EnsurethatcustomercreatedresourcesforAnyConnectarezippedfilesandavailableinyourlocaldisk.
Procedure
Step 1ChoosePolicy>PolicyElements>Results>Clientprovisioning>Resources.
Step 2ClickAdd.
Step 3ChooseAgentResourcesfromlocaldisk.
Step 4ChooseCustomerCreatedPackagesfromtheCategorydrop-down.
Step...

    Page 572

    Page 572 Before You Begin •IfyouintendtouseaTLSdeviceprotocolforremotedeviceregistration,setupatleastoneSimple CertificateEnrollmentProtocol(SCEP)profile. •OpenupTCPport8909andUDPport8909toenableinstallationofCiscoNACAgent,CiscoNAC WebAgent,andsupplicantprovisioningwizard.Formoreinformationaboutportusage,seethe“Cisco ISEAppliancePortsReference”appendixintheCiscoIdentityServicesEngineHardwareInstallation Guide. Procedure Step 1ChoosePolicy>PolicyElements>Results>ClientProvisioning>Resources. Step... 
    Before You Begin
•IfyouintendtouseaTLSdeviceprotocolforremotedeviceregistration,setupatleastoneSimple
CertificateEnrollmentProtocol(SCEP)profile.
•OpenupTCPport8909andUDPport8909toenableinstallationofCiscoNACAgent,CiscoNAC
WebAgent,andsupplicantprovisioningwizard.Formoreinformationaboutportusage,seethe“Cisco
ISEAppliancePortsReference”appendixintheCiscoIdentityServicesEngineHardwareInstallation
Guide.
Procedure
Step 1ChoosePolicy>PolicyElements>Results>ClientProvisioning>Resources.
Step...

    Page 573

    Page 573 Wired Profile •AllowedProtocol—Configurewhichprotocoltheclientshouldusetoconnecttotheauthentication server;PEAPorEAP-TLS. •CertificateTemplate—ForTLS,chooseoneofthecertificatetemplatesthatdefinedonAdministration SystemCertificatesCertificateAuthorityCertificateTemplates Optional Settings - for Windows IfyouexpandOptional,thefollowingfieldsarealsoavailableforWindowsclients. •Automaticallyuselogonnameandpassword(anddomainifany)—IfyouselectedUserfor... 
    Wired Profile
•AllowedProtocol—Configurewhichprotocoltheclientshouldusetoconnecttotheauthentication
server;PEAPorEAP-TLS.
•CertificateTemplate—ForTLS,chooseoneofthecertificatetemplatesthatdefinedonAdministration
SystemCertificatesCertificateAuthorityCertificateTemplates
Optional Settings - for Windows
IfyouexpandOptional,thefollowingfieldsarealsoavailableforWindowsclients.
•Automaticallyuselogonnameandpassword(anddomainifany)—IfyouselectedUserfor...

    Page 574

    Page 574 Procedure Step 1ChoosePolicy>PolicyElements>Results>ClientProvision>Resources. Step 2ClickAddtocreateanAnyConnectconfiguration. Step 3ChooseAnyConnectConfiguration. Step 4ChooseanAnyConnectPackage,whichyoupreviouslyuploaded.Forexample,AnyConnectDesktopWindows xxx.x.xxxxx.x. Step 5EnterthenameforthecurrentAnyConnectConfiguration.Forexample,ACConfigxxx.x.xxxxx.x. Step 6Choosethecompliancemodule,whichyoupreviouslyuploaded.Forexample, AnyConnectComplianceModulewindowsx.x.xxxx.x Step... 
    Procedure
Step 1ChoosePolicy>PolicyElements>Results>ClientProvision>Resources.
Step 2ClickAddtocreateanAnyConnectconfiguration.
Step 3ChooseAnyConnectConfiguration.
Step 4ChooseanAnyConnectPackage,whichyoupreviouslyuploaded.Forexample,AnyConnectDesktopWindows
xxx.x.xxxxx.x.
Step 5EnterthenameforthecurrentAnyConnectConfiguration.Forexample,ACConfigxxx.x.xxxxx.x.
Step 6Choosethecompliancemodule,whichyoupreviouslyuploaded.Forexample,
AnyConnectComplianceModulewindowsx.x.xxxx.x
Step...

    Page 575

    Page 575 Step 6ClickSubmit. Agent Profile Configuration Guidelines Ciscorecommendsconfiguringagentprofilestocontrolremediationtimers,networktransitiondelaytimers, andthetimerthatisusedtoautomaticallyclosetheloginsuccessscreenonclientmachinessothatthese settingsarepolicybased.However,whentherearenoagentprofilesconfiguredtomatchclientprovisioning policies,youcanusethesettingsintheAdministration>System>Settings>Posture>GeneralSettings toaccomplishthesamegoal.... 
    Step 6ClickSubmit.
Agent Profile Configuration Guidelines
Ciscorecommendsconfiguringagentprofilestocontrolremediationtimers,networktransitiondelaytimers,
andthetimerthatisusedtoautomaticallyclosetheloginsuccessscreenonclientmachinessothatthese
settingsarepolicybased.However,whentherearenoagentprofilesconfiguredtomatchclientprovisioning
policies,youcanusethesettingsintheAdministration>System>Settings>Posture>GeneralSettings
toaccomplishthesamegoal....

    Page 576

    Page 576 Usage Guidelines Mode (Applies only to Cisco ISE NAC Agent) Default ValueField Ifthevalueisset toYes,this settingenables compatibility withtheJAWS screenreader. Usersmay experiencea slightimpacton performance whenthisfeature isenabled.The agentstill functions normallyifthis featureisenabled onaclient machinethat doesnothavethe JAWSscreen readerinstalled. MergeNo—Agentdoesnot interactwiththeJob AccesswithSpeech (JAWS) EnableAccessibilityMode(Not applicableforaMacOSX client) Ifthevalueisset toYes,this... 
    Usage
Guidelines
Mode (Applies only to
Cisco ISE NAC Agent)
Default ValueField
Ifthevalueisset
toYes,this
settingenables
compatibility
withtheJAWS
screenreader.
Usersmay
experiencea
slightimpacton
performance
whenthisfeature
isenabled.The
agentstill
functions
normallyifthis
featureisenabled
onaclient
machinethat
doesnothavethe
JAWSscreen
readerinstalled.
MergeNo—Agentdoesnot
interactwiththeJob
AccesswithSpeech
(JAWS)
EnableAccessibilityMode(Not
applicableforaMacOSX
client)
Ifthevalueisset
toYes,this...

    Page 577

    Page 577 Usage Guidelines Mode (Applies only to Cisco ISE NAC Agent) Default ValueField Thedefault settingenables theagenttouse thelocale settingsfromthe clientoperating system. Ifthissettingis eithertheID,the abbreviated name,orthefull nameofa supported language,the agent automatically displaysthe appropriate localizedtextin theagentdialogs ontheclient machine. MergeDefaultLocale(NotapplicableforaMac OSXclient) Ifthevalueisset toDisplay Failed,theclient posture assessmentreport displayonly remediation... 
    Usage
Guidelines
Mode (Applies only to
Cisco ISE NAC Agent)
Default ValueField
Thedefault
settingenables
theagenttouse
thelocale
settingsfromthe
clientoperating
system.
Ifthissettingis
eithertheID,the
abbreviated
name,orthefull
nameofa
supported
language,the
agent
automatically
displaysthe
appropriate
localizedtextin
theagentdialogs
ontheclient
machine.
MergeDefaultLocale(NotapplicableforaMac
OSXclient)
Ifthevalueisset
toDisplay
Failed,theclient
posture
assessmentreport
displayonly
remediation...

    Page 578

    Page 578 Usage Guidelines Mode (Applies only to Cisco ISE NAC Agent) Default ValueField Thissetting specifiesthetime toremediateany failedposture assessment checksonthe clientmachine beforehavingto gothroughthe entirelogin processagain. Thevalidrange is1to300 minutes. Overwrite4Remediationtimer Thissetting specifiesthetime towaitforthe network transition(IP addresschange) tooccurbefore beginningthe remediation timercountdown. Thevaildrange is2-30seconds. Overwrite3Networktransitiondelay Cisco Identity Services... 
    Usage
Guidelines
Mode (Applies only to
Cisco ISE NAC Agent)
Default ValueField
Thissetting
specifiesthetime
toremediateany
failedposture
assessment
checksonthe
clientmachine
beforehavingto
gothroughthe
entirelogin
processagain.
Thevalidrange
is1to300
minutes.
Overwrite4Remediationtimer
Thissetting
specifiesthetime
towaitforthe
network
transition(IP
addresschange)
tooccurbefore
beginningthe
remediation
timercountdown.
Thevaildrange
is2-30seconds.
Overwrite3Networktransitiondelay
   Cisco Identity Services...

    Page 579

    Page 579 Usage Guidelines Mode (Applies only to Cisco ISE NAC Agent) Default ValueField Thissetting specifiesfilesize inmegabytesfor theagentlog filesontheclient machine. Ifthelogfilesize issettozero,the agentdoesnot recordanylogin oroperation informationfor theusersession ontheclient machine. Ifthelogfilesize isotherthan zero,theagent recordsloginand session informationupto thespecified numberof megabytes. Merge5Logfilesize ifthissettingis settoYes,this settingallowsthe agentlogin dialogtoclose automatically... 
    Usage
Guidelines
Mode (Applies only to
Cisco ISE NAC Agent)
Default ValueField
Thissetting
specifiesfilesize
inmegabytesfor
theagentlog
filesontheclient
machine.
Ifthelogfilesize
issettozero,the
agentdoesnot
recordanylogin
oroperation
informationfor
theusersession
ontheclient
machine.
Ifthelogfilesize
isotherthan
zero,theagent
recordsloginand
session
informationupto
thespecified
numberof
megabytes.
Merge5Logfilesize
ifthissettingis
settoYes,this
settingallowsthe
agentlogin
dialogtoclose
automatically...

    Page 580

    Page 580 Usage Guidelines Mode (Applies only to Cisco ISE NAC Agent) Default ValueField Thissetting enablestheagent loginscreento waitfora specifiedperiod oftimeandclose automatically followingthe user authentication. Thevalidrange is0to30 seconds. Overwrite0Autoclosetimer(Not applicableforAnyConnect) Mergeparametervalueswithexistingagentprofilesettingsoroverwritethemtoappropriatelyconfigure agentbehavioronWindowsandMacOSXclients. Note... 
    Usage
Guidelines
Mode (Applies only to
Cisco ISE NAC Agent)
Default ValueField
Thissetting
enablestheagent
loginscreento
waitfora
specifiedperiod
oftimeandclose
automatically
followingthe
user
authentication.
Thevalidrange
is0to30
seconds.
Overwrite0Autoclosetimer(Not
applicableforAnyConnect)
Mergeparametervalueswithexistingagentprofilesettingsoroverwritethemtoappropriatelyconfigure
agentbehavioronWindowsandMacOSXclients.
Note...
    Start reading Cisco Ise 13 User Guide

    Related Manuals for Cisco Ise 13 User Guide

    All Cisco manuals