Hi,
I have created 2 services for VPN users accessing over Cisco ASA.
Service #1 is WEBAUTH type (Web based health Check only). Here we check firewall status and as a result we get HEALTHY or QUARANTINE posture token. In general, this works fine because the token is updated when we enable/disable firewall.
Service #2 is RADIUS type (RADIUS enforcement Generic). Our intention is to apply certain policy depending on the posture token we created in service #1.
Our problem is that we always get token status UNKNOWN for service #2.
We have managed to set up a similar setup with Aruba Instant AP, and when I compare the Access Tracker output I see that the one for Instant AP has the Radius Response attribute Radius:IETF:Calling-Station-Id with the MAC address of the client for a value.
So my questions are:
1) Is Radius:IETF:Calling-Station-Id the key attribute in order to reuse the token in service #2?
2) Is there any tech note for ClearPass and ASA VPN integration?
Thanks