Security

Hi there.

I'd like to configure the following VPN connection trough ClearPass:

Currently the endpoint has to use AnyConnect and Symantec VIP access to connect to the corporative network.

Cisco ASA is authenticating with AD credentials, the user has to generate a token from Symantec VIP access and concatenate it to the password field.

Now we have todo a posture check (SCCM and AntiVirus updated), based on this define if the endpoint is healthy or not, if healthy status, then device is connected to the network. If the device is unhealthy, then send an alert message to the end user beacuse we can't download updates by VPN.

By the way, we're using ClearPass 6.8.2. 

I'm new about OnGuard and I need some help to know how to integrate these platforms. Could you help me please?

I have a similar setup to the OP except that we're using Cisco AnyConnect as the VPN client and RSA for the token pin.  We're also looking for how to properly set this up in CPPM with OnGuard to allow the authentication to be done and then to do the posture check.  Based on whether you're healthy or unhealthy, it would then either connect you or disconnect you (respectively) from the VPN service.

I have not come across any articles or VRDs for this kind of scenario and lot of the information is years old now.  Is there anything up to date that we can reference or can we get assistance on the way to set this up in these forums?