Техническая Инструкция для Cisco Cisco Identity Services Engine Software
Configure ISE Version 1.4 Posture with Microsoft
WSUS
WSUS
Document ID: 119214
Contributed by Michal Garcarz, Cisco TAC Engineer.
Aug 03, 2015
Aug 03, 2015
Contents
Introduction
Prerequisites
Requirements
Components Used
Configure
Network Diagram
Microsoft WSUS
ASA
ISE
Posture Remediation for WSUS
Posture Requirement for WSUS
AnyConnect Profile
Client Provisioning Rules
Authorization Profiles
Authorization Rules
Verify
PC with Updated GPO Policies
Approve a Critical Update on the WSUS
Check the PC Status on the WSUS
VPN Session Established
Posture Module Receives Policies from the ISE and Performs Remediation
Full Network Access
Troubleshoot
Important Notes
Option Details for WSUS Remediation
Windows Update Service
SCCM Integration
Related Information
Prerequisites
Requirements
Components Used
Configure
Network Diagram
Microsoft WSUS
ASA
ISE
Posture Remediation for WSUS
Posture Requirement for WSUS
AnyConnect Profile
Client Provisioning Rules
Authorization Profiles
Authorization Rules
Verify
PC with Updated GPO Policies
Approve a Critical Update on the WSUS
Check the PC Status on the WSUS
VPN Session Established
Posture Module Receives Policies from the ISE and Performs Remediation
Full Network Access
Troubleshoot
Important Notes
Option Details for WSUS Remediation
Windows Update Service
SCCM Integration
Related Information
Introduction
This document describes how to configure the Cisco Identity Services Engine (ISE) posture functionality
when it is integrated with the Microsoft Windows Server Update Services (WSUS).
when it is integrated with the Microsoft Windows Server Update Services (WSUS).
Note
: When you access the network, you are redirected to the ISE for Cisco AnyConnect Secure Mobility
Client Version 4.1 provisioning with a posture module, which checks the compliance status on the WSUS and
installs the necessary updates in order for the station to be compliant. Once the station is reported as
compliant, the ISE allows for full network access.
installs the necessary updates in order for the station to be compliant. Once the station is reported as
compliant, the ISE allows for full network access.