I hit an issue. The fix was to match the hostscan module to the same version as the secure client.
If you are having issues upgrade to latest/recommended release.
Keep in mind when DAP is switched on its global for all anyconnect profiles so you need to make sure you have DAP rules setup to cover everything.
Posture is only checked once on connection its not a constant thing (like CSA, which is still only checking/enforcing every 5-15 minutes)
If you are still having issues:
- Start a putty session with logging enabled
- sh run all dynamic-access-policy-record
- debug dap trace 255
- debug dap errors
- apply the DAP in FMC and push policy
- sh run all dynamic-access-policy-record
- show tech
- send the output to cisco tac
No comments:
Post a Comment