Home > Cisco > Interface > Cisco Ise 13 User Guide

Cisco Ise 13 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Ise 13 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 591

    Page 591 Web Agent Posture Discovery Request and Cisco ISE Response TheWebagentdoesnotdodiscoveryprobe.ifanendpointisconfiguredtousetheWebagent,CiscoISE respondsusingtheformat,X-ISE-PDP-WEBAGENT=FQDN".Thewebagentdiscoveryresponseisusedto invoketheCiscoNACAgentontheclient,iftheclientprovisioningpolicyisconfiguredtousetheWeb agent. Agent Displays “Temporary Access” Problem Aclientmachineisgranted“TemporaryAccess”tothenetworkfollowingloginandauthentication,but administratorandusersexpectfullnetworkaccess.... 
    Web Agent Posture Discovery Request and Cisco ISE Response
TheWebagentdoesnotdodiscoveryprobe.ifanendpointisconfiguredtousetheWebagent,CiscoISE
respondsusingtheformat,X-ISE-PDP-WEBAGENT=FQDN".Thewebagentdiscoveryresponseisusedto
invoketheCiscoNACAgentontheclient,iftheclientprovisioningpolicyisconfiguredtousetheWeb
agent.
Agent Displays “Temporary Access”
Problem
Aclientmachineisgranted“TemporaryAccess”tothenetworkfollowingloginandauthentication,but
administratorandusersexpectfullnetworkaccess....

    Page 592

    Page 592 AnyConnect CiscoISEusesanintegratedmoduleinAnyConnectforCiscoISEposturerequirements.AnyConnectisthe postureagentthatcoexistswithCiscoISENACAgentonthesameendpoint.Basedontheclientprovisioning policyconfigurationinCiscoISE,onlyoneoftheagentswillbeactiveatatime. CiscoAnyConnectisnotsupportedinCWAflow.ItcannotbeprovisionedfromtheGuestportalusing theRequireguestdevicecompliancefieldintheGuestAccess>Configure>GuestPortals>Create, EditorDuplicate>PortalBehaviorandFlowSettings>GuestDeviceComplianceSettingspage.... 
    AnyConnect
CiscoISEusesanintegratedmoduleinAnyConnectforCiscoISEposturerequirements.AnyConnectisthe
postureagentthatcoexistswithCiscoISENACAgentonthesameendpoint.Basedontheclientprovisioning
policyconfigurationinCiscoISE,onlyoneoftheagentswillbeactiveatatime.
CiscoAnyConnectisnotsupportedinCWAflow.ItcannotbeprovisionedfromtheGuestportalusing
theRequireguestdevicecompliancefieldintheGuestAccess>Configure>GuestPortals>Create,
EditorDuplicate>PortalBehaviorandFlowSettings>GuestDeviceComplianceSettingspage....

    Page 593

    Page 593 CiscostronglyrecommendsthatyouensurethatthelatestWindowshotfixesandpatchesareinstalledon WindowsXPclientssothattheCiscoNACAgentcanestablishasecureandencryptedcommunicationwith CiscoISE(viaSSLoverTCP). Uninstall the Cisco NAC Agent from Windows 7 and Earlier Clients TheCiscoNACAgentinstallstoC:\ProgramFiles\Cisco\CiscoNACAgent\ontheWindowsclient. Youcanuninstalltheagentinthefollowingways: •Bydouble-clickingtheUninstallCiscoNACAgentdesktopicon.... 
    CiscostronglyrecommendsthatyouensurethatthelatestWindowshotfixesandpatchesareinstalledon
WindowsXPclientssothattheCiscoNACAgentcanestablishasecureandencryptedcommunicationwith
CiscoISE(viaSSLoverTCP).
Uninstall the Cisco NAC Agent from Windows 7 and Earlier Clients
TheCiscoNACAgentinstallstoC:\ProgramFiles\Cisco\CiscoNACAgent\ontheWindowsclient.
Youcanuninstalltheagentinthefollowingways:
•Bydouble-clickingtheUninstallCiscoNACAgentdesktopicon....

    Page 594

    Page 594 •ForAgent/ComplianceModuleUpgrade,toastwillbedisplayedas:"ClickOKtoUpgrade/Update" •Inthe"userloggedout"event,when"AutoClose"optionforLogoffisnotenabledinCleanAccess Manager(CAM),toastnotificationisprovided.Thistoastenablestheuserstoknowthattheyhavebeen loggedoutandthattheyneedtologinagaintogetnetworkaccess. Cisco NAC Agent for Macintosh Clients TheCiscoNACOSXAgentprovidesthepostureassessmentandremediationforMacintoshclientmachines.... 
    •ForAgent/ComplianceModuleUpgrade,toastwillbedisplayedas:"ClickOKtoUpgrade/Update"
•Inthe"userloggedout"event,when"AutoClose"optionforLogoffisnotenabledinCleanAccess
Manager(CAM),toastnotificationisprovided.Thistoastenablestheuserstoknowthattheyhavebeen
loggedoutandthattheyneedtologinagaintogetnetworkaccess.
Cisco NAC Agent for Macintosh Clients
TheCiscoNACOSXAgentprovidesthepostureassessmentandremediationforMacintoshclientmachines....

    Page 595

    Page 595 ActiveXissupportedonlyonthe32-bitversionsofInternetExplorer.YoucannotinstallActiveXona Firefoxwebbrowserorona64-bitversionofInternetExplorer. Note Cisco NAC Agent Logs IntheCiscoNACAgentforWindows,right-clicktheAgentTrayIconandthenclickLogPackagertorun thesupportpackageandcollecttheagentlogs. IntheCiscoNACAgentforCiscoNACOSX,intheToolsmenu,right-clicktheAgenticonandclickthe CollectSupportLogsoptiontocollecttheagentlogsandsupportinformation.Thecollectedinformationis... 
    ActiveXissupportedonlyonthe32-bitversionsofInternetExplorer.YoucannotinstallActiveXona
Firefoxwebbrowserorona64-bitversionofInternetExplorer.
Note
Cisco NAC Agent Logs
IntheCiscoNACAgentforWindows,right-clicktheAgentTrayIconandthenclickLogPackagertorun
thesupportpackageandcollecttheagentlogs.
IntheCiscoNACAgentforCiscoNACOSX,intheToolsmenu,right-clicktheAgenticonandclickthe
CollectSupportLogsoptiontocollecttheagentlogsandsupportinformation.Thecollectedinformationis...

    Page 596

    Page 596 Custom nac_login.xml File Template Thenac_login.xmlfileisoneofthefilesthatisrequiredinyourAgentscreencustomizationpackage,which allowsyoutocustomizethelogo,fields,andmessagetextcontainedinaCiscoNACAgentdialog,likethe Propertieswindow,tosuityourspecificWindowsclientnetworkaccessrequirements. Usethefollowingtemplatetoconstructanappropriate“nac_login.xml”filetocustomizethelogo,fields,and messagetextcontainedinaCiscoNACAgentscreen. Thefollowingexampleshowsacustomizedfile. Custom nacStrings_xx.xml File... 
    Custom nac_login.xml File Template
Thenac_login.xmlfileisoneofthefilesthatisrequiredinyourAgentscreencustomizationpackage,which
allowsyoutocustomizethelogo,fields,andmessagetextcontainedinaCiscoNACAgentdialog,likethe
Propertieswindow,tosuityourspecificWindowsclientnetworkaccessrequirements.
Usethefollowingtemplatetoconstructanappropriate“nac_login.xml”filetocustomizethelogo,fields,and
messagetextcontainedinaCiscoNACAgentscreen.
Thefollowingexampleshowsacustomizedfile.

Custom nacStrings_xx.xml File...

    Page 597

    Page 597 DownloadingtheupdateofNACAgent.PackageNameCompleted%1of%2bytesSpeed%1bytes/secNACAgentPosturecomponentversion%1isavailable.%br%Doyouwanttoinstallthisupdatenow?UnabletoupdateNACAgentPosturecomponent.Pleasetryagain.DownloadingtheupdateofNACAgnetPosturecomponent.EducationFirstComplianceCheck... 
    DownloadingtheupdateofNACAgent.PackageNameCompleted%1of%2bytesSpeed%1bytes/secNACAgentPosturecomponentversion%1isavailable.%br%Doyouwanttoinstallthisupdatenow?UnabletoupdateNACAgentPosturecomponent.Pleasetryagain.DownloadingtheupdateofNACAgnetPosturecomponent.EducationFirstComplianceCheck...

    Page 598

    Page 598 ApplyCancelUpdateLaterCloseHideComplianceShowComplianceDownloadGuestAccessGoToLinkLaunchLogInRe-ScanOKHidePropertiesRejectRepairRescanResetGetRestrictedNETaccessThisonecomesdownfromthenetworkSaveReportSkipSkipAllOptionalSubmitUpdatedays Thereisapproximately%1leftuntilyourtemporarynetworkaccessexpiresYourTemporaryNetworkAccesshasExpired!%1leftExpired!Thiswindowwillclosein%1secsFullNetworkAccessYourdeviceconformswithallthesecuritypoliciesforthisprotectednetworkOnlyoptionalrequirementsarefailing.Itisre... 
    ApplyCancelUpdateLaterCloseHideComplianceShowComplianceDownloadGuestAccessGoToLinkLaunchLogInRe-ScanOKHidePropertiesRejectRepairRescanResetGetRestrictedNETaccessThisonecomesdownfromthenetworkSaveReportSkipSkipAllOptionalSubmitUpdatedays Thereisapproximately%1leftuntilyourtemporarynetworkaccessexpiresYourTemporaryNetworkAccesshasExpired!%1leftExpired!Thiswindowwillclosein%1secsFullNetworkAccessYourdeviceconformswithallthesecuritypoliciesforthisprotectednetworkOnlyoptionalrequirementsarefailing.Itisre...

    Page 599

    Page 599 Thereisatleastonemandatoryrequirementfailing.Youarerequiredtoupdateyoursystembeforeyoucanaccessthenetwork.NetworkUsageTermsandConditionsarerejected.Youwillnotbeallowedtoaccessthenetwork.RestrictedNetworkAccessgranted.Youhavebeengrantedrestrictednetworkaccessbecauseyourdevicedidnotconformwithallthesecuritypoliciesforthisprotectednetworkandyouhaveoptedtodeferupdatingyoursystem.Itisrecommendedthatyouupdateyoursystematyourearliestconvenience.TemporaryNetworkAccessPleasebepatientwhileyoursystemischeckedagains... 
    Thereisatleastonemandatoryrequirementfailing.Youarerequiredtoupdateyoursystembeforeyoucanaccessthenetwork.NetworkUsageTermsandConditionsarerejected.Youwillnotbeallowedtoaccessthenetwork.RestrictedNetworkAccessgranted.Youhavebeengrantedrestrictednetworkaccessbecauseyourdevicedidnotconformwithallthesecuritypoliciesforthisprotectednetworkandyouhaveoptedtodeferupdatingyoursystem.Itisrecommendedthatyouupdateyoursystematyourearliestconvenience.TemporaryNetworkAccessPleasebepatientwhileyoursystemischeckedagains...

    Page 600

    Page 600 CheckingforcompliancewithRequirementNameLocationSoftwareprogram(s)UpdateDonotchangecurrentsettingNotifybeforedownloadNotifybeforeinstallDownloadandinstallationChangetonotifybeforedownloadChangetonotifybeforeinstallationChangetodownloadandinstallationDescriptionSecurityComplianceSummaryScanResultRequirementNameRequirementDescription-RemediationSuggestionMandatoryOptionalPassedPleasedownloadandinstalltheoptionalsoftwarebeforeaccessingthenetworkPleasedownloadandinstalltherequiredsoftwarebeforeaccessingthene... 
    CheckingforcompliancewithRequirementNameLocationSoftwareprogram(s)UpdateDonotchangecurrentsettingNotifybeforedownloadNotifybeforeinstallDownloadandinstallationChangetonotifybeforedownloadChangetonotifybeforeinstallationChangetodownloadandinstallationDescriptionSecurityComplianceSummaryScanResultRequirementNameRequirementDescription-RemediationSuggestionMandatoryOptionalPassedPleasedownloadandinstalltheoptionalsoftwarebeforeaccessingthenetworkPleasedownloadandinstalltherequiredsoftwarebeforeaccessingthene...
    Start reading Cisco Ise 13 User Guide

    Related Manuals for Cisco Ise 13 User Guide

    All Cisco manuals