已有帐户?

  •   个性化内容
  •   您的产品和支持

需要帐户?

创建帐户

配置2.2客户端设置和应用程序

下载选项

  • PDF     (1.6 MB)
    在各种设备上使用 Adobe Reader 查看
  • ePub     (1.6 MB)
    在 iPhone、iPad、Android、Sony Reader 或 Windows Phone 上使用各种应用查看
  • Mobi (Kindle)     (1.5 MB)
    在 Kindle 设备上查看或在多个设备上使用 Kindle 应用查看
已更新: 2017 年 11 月 20 日
文档 ID:210514
关于翻译

关于此翻译

思科采用人工翻译与机器翻译相结合的方式将此文档翻译成不同语言,希望全球的用户都能通过各自的语言得到支持性的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 Cisco Systems, Inc. 对于翻译的准确性不承担任何责任,并建议您总是参考英文原始文档(已提供链接)。

    Introduction

    本文描述如何配置和排除在身份服务引擎(ISE) 2.2的应用程序公开性故障。如果他们符合指定的情况,应用程序公开性允许您监控在终端上安装的应用程序,创建根据该信息的策略并且杀害或者卸载应用程序在状态检查期间。AnyConnect周期地发送信息到与安装/运行应用程序和进程列表的ISE。AnyConnect能从指定的类别(浏览器、加密等等)收集信息关于所有应用程序或关于应用程序。

    Prerequisites

    Requirements

    Cisco建议您有这些题目基础知识:

    • Cisco身份服务引擎

    • 客户端设置
    • ISE状态

    Components Used

    本文档中的信息基于以下软件和硬件版本:

    • Cisco身份服务引擎版本2.2.0.470
    • Cisco AnyConnect 4.4.00243
    • AnyConnect标准模块4.2.468.0
    • Windows 7服务包1

    Configure

    配置

    第1.部分配置客户端设置 

    步骤1.加载AnyConnect程序包

    1. 连接对策略>Policy元素>结果>在ISE的客户端设置>结果。点击Add>代理程序资源从本地磁盘

    210514-ISE-2-2-Client-Provisioning-and-Applicat-00.png

    2. 选择类别, Cisco提供了程序包并且选择文件(AnyConnect程序包) :

    210514-ISE-2-2-Client-Provisioning-and-Applicat-01.png

    点击提交保存更改。

    您应该请求确认被加载的程序包校验和。他们与在Cisco网站提供的校验和比较保证程序包不是损坏的。

    步骤2.下载AnyConnect标准模块

    客户端设置结果页请点击从Cisco站点的Add>代理程序资源,因此一个窗口用可用的模块冒出。select为Windows要求了AnyConnect标准模块并且点击“Save”

    或者,如果没有在您的ISE的互联网连接您能从cisco.com下载最新的标准模块和加载它到您的ISE以与AnyConnect程序包相似的方式。

    如果有一个代理在您的网络,请配置它在管理>System >设置>代理页。

    步骤3.创建状态配置文件

    在客户端设置结果页请点击Add> NAC代理程序或AnyConnect状态配置文件并且选择AnyConnect从状态代理程序配置文件设置

    210514-ISE-2-2-Client-Provisioning-and-Applicat-02.png

    给出配置文件并且填装要求的字段。点击提交保存配置文件。

    步骤4.创建AnyConnect配置

    在客户端设置结果页请点击Add> AnyConnect配置并且选择在Step1被加载的程序包:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-03.png

    应该装载其它选项。填装所有要求的字段并且点击提交保存更改:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-04.png

    配置名称-配置的名字。这用于客户端提供的策略(下一步)。

    标准模块-在第2.步下载的挑选标准模块。

    ISE状态-请选择AnyConnect在第3.步被创建的状态配置文件。

    步骤5.配置客户端提供的策略

    连接对策略>客户端设置。结果创建新的策略或编辑一现有的一个Windows的,挑选被创建的AnyConnect配置:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-05.png

    步骤6.创建CP的授权配置文件

    连接对策略>Policy元素>结果>授权>授权配置文件并且点击添加创建新配置文件。为重定向配置它到客户端设置的门户:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-06.png

    点击提交保存配置文件。

    记住在NAD (网络接入设备)应该创建重定向ACL (在本例中其被呼叫的ISE-REDIRECT)有适当的重定向。基本的重定向ACL不应该到/从ISE PSN节点拦截数据流, DNS和DHCP。并且应该重定向HTTP和HTTPS流量。示例ACL可以在这些文件找到:在WLC和ISE的中央Web认证配置示例与交换机和身份服务引擎配置示例的中央Web认证

    步骤7.配置授权策略

    连接对策略>授权,用状态状态检查创建2个策略: 

    210514-ISE-2-2-Client-Provisioning-and-Applicat-07.png

    使用这样配置,如果终端没有安装的AnyConnect也没有完成状态,它重定向到客户端设置的门户。终端用户能从ISE安装AnyConnect,并且AnyConnect能发现ISE和检查状态。

    Click Save.

    第2.部分配置状态

    步骤1.更新状态

    连接对Administration >设置>状态>更新并且当前点击更新更新状态。它包含OPSWAT图和定义应用程序的和对于策略创建是必需的。

    210514-ISE-2-2-Client-Provisioning-and-Applicat-08.png

    或者,如果没有在您的ISE的互联网连接您能从https://www.cisco.com/web/secure/pmbu/posture-offline.html下载最新的状态更新然后连接对管理>System >设置>状态>更新,选择得脱机并且选择与状态更新的下载的文件。当前点击更新加载文件和安装状态更新。

    步骤2.创造应用程序条件

    AnyConnect收集关于安装的仅应用程序的信息用4.x (或以后)标准模块。

    使用3.x标准模块仅过程检查的版本可执行(意味着AnyConnect检查特定的程序是否运行或没有)。

    使用应用程序请陈述可以配置那些组合:

    • 安装+运行- AnyConnect收集关于当前运行进程togather的信息以安装信息
    • 安装+不运行- AnyConnect收集仅安装信息

    使用那些的提供能选择:一切名字类别

    • 如果一切那么选择得AnyConnect将设法收集关于所有安装的应用程序的信息
    • 如果名字然后选择得特定应用程序可以为策略选择。例如:
      210514-ISE-2-2-Client-Provisioning-and-Applicat-09.png
    • 如果类别那么选择得AnyConnect从指定的类别收集关于所有appliactions的信息。例如:
      210514-ISE-2-2-Client-Provisioning-and-Applicat-10.png

    为了收集关于安装的信息和运行在策略>Policy元素>情况>状态>应用程序情况的应用程序点击添加创造新的条件和填装要求的字段如显示:

      

    210514-ISE-2-2-Client-Provisioning-and-Applicat-11.png

    步骤3.创建状态需求

    策略>Policy元素>发生>状态>需求创建新要求以创造的应用程序条件:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-12.png

    步骤4.创建状态策略

    对收集关于应用程序的信息的enable (event) ISE和AnyConnect在状态策略应该包括一个需求以应用程序情况。状态策略可以被创建在策略>状态。如果希望收集进一步使用方法,信息需求也许设置作为审计

    210514-ISE-2-2-Client-Provisioning-and-Applicat-13.png

    第5步(可选)。更改连续监视间隔

    ISE允许您配置AnyConnect多频繁应该发送关于应用程序的更新到ISE。默认情况下间隔设置为5分钟,并且可以更改在Administration >设置>状态>General设置

    210514-ISE-2-2-Client-Provisioning-and-Applicat-14.png

      

    第6步(可选)。创建App标准

    在数据从终端后收集, App标准可以被创建在上下文公开性>终端> [ENDPOINT]

    1. 选择一个应用程序:
      210514-ISE-2-2-Client-Provisioning-and-Applicat-15.png

    2. 点击策略动作>创建App标准
      210514-ISE-2-2-Client-Provisioning-and-Applicat-16.png

    3. 填装在一个弹出式窗口的字段:
      210514-ISE-2-2-Client-Provisioning-and-Applicat-17.png

    4. 点击保存策略,那些项目应该创建:
      • 摆应用程序情况姿势
      • 摆应用程序修正动作姿势
      • 摆需求姿势
      • 摆策略姿势

    Verify

      

    使用本部分可确认配置能否正常运行。

    LiveLogs

    在RADIUS LiveLogs中流看起来象通常状态流:对设置的授权(CoA)的门户>更改的认证+重定向>兼容状态策略匹配。

    210514-ISE-2-2-Client-Provisioning-and-Applicat-18.png

    终端

    在客户端设置(如果AnyConnect以前未设置)和连续监视间隔配置以后,数据收集的进程可以被验证在上下文公开性>终端。点击终端的MAC地址,终端的页应该打开。它包含关于在终端安装的应用程序的信息上:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-19.png

    由于CSCve82743,您将需要两次访问终端,并且命中刷新回报应用程序表。

    状态策略元素

    应该创建那些元素与创建App标准选项:

    • 状态应用程序情况
    • 状态应用程序修正动作
    • 状态需求
    • 状态策略

    每一个可以从ISE GUI被验证。情况位于策略>Policy元素>情况>状态>应用程序情况

    210514-ISE-2-2-Client-Provisioning-and-Applicat-20.png

    补救位于策略>Policy元素>结果>状态>修正动作>应用程序补救

    210514-ISE-2-2-Client-Provisioning-and-Applicat-21.png

    需求位于策略>Policy元素>结果>状态>需求

    210514-ISE-2-2-Client-Provisioning-and-Applicat-22.png

    策略位于策略>状态

    210514-ISE-2-2-Client-Provisioning-and-Applicat-23.png

    报告

    从每个终端的每个状态报告在ISE被存储,并且可以从操作>报告被检查。有对状态报告变形:

    • 由终端摆评估姿势-为一个特定的终端提供关于状态标准的细节。
    • 由情况摆评估姿势-提供关于状态策略情况的细节。它显示哪些情况发生了故障,并且哪些情况通过了。只必须和可选的情况显示。

    由情况的状态评估

    由情况查找的状态评估如显示。在此示例一必须的情况中出故障,因此状态状态去固执:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-24.png

    由终端的状态评估

    由终端的状态评估:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-25.png

    每状态检查详细资料可以检查由点击Details报告图标- 210514-ISE-2-2-Client-Provisioning-and-Applicat-26.png

    Troubleshoot

    本部分提供了可用于对配置进行故障排除的信息。

    从ISE

    ise-psc.log包含所有状态相关信息,包括调试。状态调试可以是启用的在管理>System >记录>调试日志配置。组件名是状态

    210514-ISE-2-2-Client-Provisioning-and-Applicat-27.png

    一旦终端被连接到网络,并且AnyConnect提供援助对ISE, ISE检查EP应该是否根据被配置的状态检查核对并且发现在EP上安装标准模块的版本。基于收集的信息ISE生成EP的状态查询- NAC代理程序xml并且加密它。以后, ISE发送此查询到AnyConnect。

    2017-01-04 19:19:13,686 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PostureHandlerImpl -:cisco:::- About to query posture policy for user cisco with endpoint mac C0-4A-00-15-75-C8 
2017-01-04 19:19:13,687 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PostureManager -:cisco:::- agentCMVersion=4.2.468.0, agentType=AnyConnect Posture Agent, groupName=OESIS_V4_Agents -> found agent group with displayName=4.x or later
2017-01-04 19:19:13,687 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- User cisco belongs to groups NAC Group:NAC:IdentityGroups:Endpoint Identity Groups:Profiled:Workstation,NAC Group:NAC:IdentityGroups:Any
2017-01-04 19:19:13,687 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- About to retrieve posture policy resources for os 7 Enterprise, agent group 4.x or later and identity groups [NAC Group:NAC:IdentityGroups:Endpoint Identity Groups:Profiled:Workstation, NAC Group:NAC:IdentityGroups:Any]
2017-01-04 19:19:13,687 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- Evaluate resourceId NAC Group:NAC:Posture:PosturePolicies:Apps by agent group with FQN NAC Group:NAC:AgentGroupRoot:ALL:OESIS_V4_Agents
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- The evaluation result by agent group for resourceId NAC Group:NAC:Posture:PosturePolicies:Apps is Permit
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- Evaluate resourceId NAC Group:NAC:Posture:PosturePolicies:Apps by OS group with FQN NAC Group:NAC:OsGroupRoot:ALL:WINDOWS_ALL:WINDOWS_7_ALL:WINDOWS_7_ENTERPRISE_ALL
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- stealth mode is 0
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- The evaluation result by os group for resourceId NAC Group:NAC:Posture:PosturePolicies:Apps is Permit
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- Evaluate resourceId NAC Group:NAC:Posture:PosturePolicies:Apps by Stealth mode NSF group with FQN NAC Group:NAC:StealthModeStandard
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- Procesing obligation with posture policy resource with id NAC Group:NAC:Posture:PosturePolicies:Apps
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- Found obligation id urn:cisco:cepm:3.3:xacml:response-qualifier for posture policy resource with id NAC Group:NAC:Posture:PosturePolicies:Apps
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- Found obligation id PostureReqs for posture policy resource with id NAC Group:NAC:Posture:PosturePolicies:Apps
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- Posture policy resource id Apps has following associated requirements []
2017-01-04 19:19:13,720 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cpm.posture.runtime.agent.AgentXmlGenerator -:cisco:::- policy enforcemnt is 2
2017-01-04 19:19:13,720 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cpm.posture.runtime.agent.AgentXmlGenerator -:cisco:::- simple condition: [Name=Apps_Collection, Description=null, Application State =installed,runnning, Provision By =Everything, monitory  Categories = []]
2017-01-04 19:19:13,720 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cpm.posture.runtime.agent.AgentXmlGenerator -:cisco:::- check type is ApplicationVisibility
2017-01-04 19:19:13,800 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PostureHandlerImpl -:cisco:::- NAC agent xml <?xml version="1.0" encoding="UTF-8"?><cleanmachines>
  <version>ISE: 2.2.0.423</version>
  <encryption>0</encryption>
  <package>
    <id>12</id>
    <name>Apps_collection</name>
    <description>Apps Check</description>
    <version/>
    <type>3</type>
    <optional>2</optional>
    <action>3</action>
    <check>
      <id>Apps_Collection</id>
      <category>12</category>
      <type>1202</type>
      <monitor>ALL</monitor>
      <evaluation>periodic</evaluation>
    </check>
    <criteria>(Apps_Collection)</criteria>
  </package>
</cleanmachines>

2017-01-04 19:19:13,800 INFO   [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.util.StatusUtil -:cisco:::- StatusUtil - getPosturePolicyHTML [<cleanmachines><version>ISE: 2.2.0.423</version><encryption>0</encryption><package><id>12</id><name>Apps_collection</name><description>Apps Check</description><version/><type>3</type><optional>2</optional><action>3</action><check><id>Apps_Collection</id><category>12</category><type>1202</type><monitor>ALL</monitor><evaluation>periodic</evaluation></check><criteria>(Apps_Collection)</criteria></package></cleanmachines>]
2017-01-04 19:19:13,800 INFO   [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.util.StatusUtil -:cisco:::- StatusUtil -getPosturePolicyHTML - do encrypt 
2017-01-04 19:19:13,800 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.util.StatusUtil -:cisco:::- Encrypting policy using AES key.
2017-01-04 19:19:13,800 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.util.CipherUtil -:cisco:::- Encrypting message using AES.
2017-01-04 19:19:13,800 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.util.StatusUtil -:cisco:::- IV Base 64: AeUQGbj6CP/jMB+cTIGIGQ==
2017-01-04 19:19:13,801 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.util.StatusUtil -:cisco:::- StatusUtil.getPosturePolicyHTML() returns <!--X-Perfigo-UserKey=--><!--X-Perfigo-Provider=Device Filter--><!--X-Perfigo-UserName=cisco--><!--error=1010--><!--X-Perfigo-DM-Error=1010--><!--user role=--><!--X-Perfigo-OrigRole=--><!--X-Perfigo-DM-Scan-Req=0--><!--X-ISE-IV=AeUQGbj6CP/jMB+cTIGIGQ==--><!--X-Perfigo-DM-Software-List=f5aGq8rU5wx7hFS9WnugNhy/6HaSxNtKesoqAjYkecEk56t+I/J93PtAYU0XLq451NXQhReuFktImYEPEnWwOs1bV5oOTuTsY3kEbcuR4p5Sp0cfz/j98YEubNtSKDCUGt5U8dhpOJqMYTV4UcaSP/D0FXYm10gFEjPxpPghyWcplzYwcpehIX+2vOYOSzPTEvM2kDdHTkof+/UYvBfGv8Y7YkK9P61upfSedIqdynyxUbeqknXkoCaWvUawJLVWiXAJs2atsCwJjXitwNHYzCuH/mBz/Y9AUvbLCB/cutCeyVCl7ij8wtXUAt2NpKqeEj0COOxnp5B35JTBfOSXHfVjL29E5JALaun6RR8yJlkd4apk7qflnjsu451CHY/SbKTMnqjV5bNwXfuCBf++X6X/mh0nwk+r2iWhJJFyqmNxBm2BvcJAJXOKOV7xHIhgmLj+etF4Sss/zwnFT4+WTzKI+BpbrVdnZjUP7+uvbQbIPtRFqJVI5StjZlIP4vLzFWKbWXI+itTX6hjqvNhiT2zwktvIboUZXaBV6yS5/+5cYMU3+EhWxIx/UVo0o7sX--><!--X-Perfigo-DM-Session-Time=240-->
2017-01-04 19:19:13,801 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- User cisco belongs to groups NAC Group:NAC:IdentityGroups:Endpoint Identity Groups:Profiled:Workstation,NAC Group:NAC:IdentityGroups:Any
2017-01-04 19:19:13,801 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PostureHandlerImpl -:cisco:::- Sending response to endpoint C0-4A-00-15-75-C8 http response [[ <!--X-Perfigo-UserKey=--><!--X-Perfigo-Provider=Device Filter--><!--X-Perfigo-UserName=cisco--><!--error=1010--><!--X-Perfigo-DM-Error=1010--><!--user role=--><!--X-Perfigo-OrigRole=--><!--X-Perfigo-DM-Scan-Req=0--><!--X-ISE-IV=AeUQGbj6CP/jMB+cTIGIGQ==--><!--X-Perfigo-DM-Software-List=f5aGq8rU5wx7hFS9WnugNhy/6HaSxNtKesoqAjYkecEk56t+I/J93PtAYU0XLq451NXQhReuFktImYEPEnWwOs1bV5oOTuTsY3kEbcuR4p5Sp0cfz/j98YEubNtSKDCUGt5U8dhpOJqMYTV4UcaSP/D0FXYm10gFEjPxpPghyWcplzYwcpehIX+2vOYOSzPTEvM2kDdHTkof+/UYvBfGv8Y7YkK9P61upfSedIqdynyxUbeqknXkoCaWvUawJLVWiXAJs2atsCwJjXitwNHYzCuH/mBz/Y9AUvbLCB/cutCeyVCl7ij8wtXUAt2NpKqeEj0COOxnp5B35JTBfOSXHfVjL29E5JALaun6RR8yJlkd4apk7qflnjsu451CHY/SbKTMnqjV5bNwXfuCBf++X6X/mh0nwk+r2iWhJJFyqmNxBm2BvcJAJXOKOV7xHIhgmLj+etF4Sss/zwnFT4+WTzKI+BpbrVdnZjUP7+uvbQbIPtRFqJVI5StjZlIP4vLzFWKbWXI+itTX6hjqvNhiT2zwktvIboUZXaBV6yS5/+5cYMU3+EhWxIx/UVo0o7sX--><!--X-Perfigo-DM-Session-Time=240--> ]]
2017-01-04 19:19:13,959 DEBUG  [http-bio-10.48.26.60-8443-exec-5][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- receiving request from client C0:4A:00:15:75:C8 10.62.148.162 bcu5ksw0
2017-01-04 19:19:13,966 DEBUG  [http-bio-10.48.26.60-8443-exec-5][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Found the ipAddress that matched the http request remote address 10.62.148.162 and corresponding client mac address C0-4A-00-15-75-C8
2017-01-04 19:19:13,966 DEBUG  [http-bio-10.48.26.60-8443-exec-5][] cisco.cpm.posture.runtime.PostureRuntimeFactory -::::- looking for Radius session with input values : sessionId: 0a3e946500000066586d3c42, MacAddr: C0-4A-00-15-75-C8, ipAddr: 10.62.148.162 
2017-01-04 19:19:13,966 DEBUG  [http-bio-10.48.26.60-8443-exec-5][] cisco.cpm.posture.runtime.PostureRuntimeFactory -::::- looking for session using session ID: 0a3e946500000066586d3c42, IP addrs: [10.62.148.162], mac Addrs [C0-4A-00-15-75-C8]
2017-01-04 19:19:13,966 DEBUG  [http-bio-10.48.26.60-8443-exec-5][] cisco.cpm.posture.runtime.PostureRuntimeFactory -::::- Found session using sessionId 0a3e946500000066586d3c42

     从AnyConnect的报告全文。此报告包含关于所有的信息匹配被配置的应用程序情况的被找到的应用程序。

    2017-01-04 19:19:37,358 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- UDID is 766bb955e51e4ab063fd478c63acee81260ca592 for end point C0-4A-00-15-75-C8
2017-01-04 19:19:37,358 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- os version from user agent is 1.2.1.6.1.4
2017-01-04 19:19:37,358 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Received posture request [parameters: reqtype=, userip=10.62.148.162, clientmac=C0-4A-00-15-75-C8, os=, osVerison=1.2.1.6.1.4, architecture=, provider=, state=, userAgent=Mozilla/4.0 (compatible; WINDOWS; 1.2.1.6.1.4; AnyConnect Posture Agent v.4.4.00209), session_id=
2017-01-04 19:19:37,358 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Found a session info for endpoint C0-4A-00-15-75-C8 cisco
2017-01-04 19:19:37,358 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Got userid cisco from cache for endpoint C0-4A-00-15-75-C8/
2017-01-04 19:19:37,358 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Report IV in Base64: JjneGgZcJbmjqMKQcy8kJg==
2017-01-04 19:19:37,359 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Using AES shared secret to decrypt report.
2017-01-04 19:19:37,359 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.util.CipherUtil -::::- Decrypting message using AES.
2017-01-04 19:19:37,359 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Decrypted report [[ <report><version>1000</version><package><id>12</id><status>1</status><check><chk_id>Apps_Collection</chk_id><diff>0</diff><application><diff>0</diff><id></id><name>Adobe Flash Player 23 NPAPI</name><vendor>Adobe Systems Incorporated</vendor><version>23.0.0.207</version><category>Unclassified</category></application><application><diff>0</diff><id>104</id><name>Adobe Flash Player</name><vendor>Adobe Systems Inc.</vendor><version>23.0.0.207</version><path>C:\Windows\SysWOW64\Macromed\Flash\</path><category>Unclassified</category></application><application><diff>0</diff><id>873</id><name>BitLocker Drive Encryption</name><vendor>Microsoft Corporation</vendor><version>6.1.7600.16385</version><path>C:\Windows\System32\</path><category>DiskEncryption</category></application><application><diff>0</diff><id></id><name>Cisco AnyConnect Diagnostics and Reporting Tool</name><vendor>Cisco Systems, Inc.</vendor><version>4.4.00209</version><path>C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\DART\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Cisco AnyConnect ISE Compliance Module</name><vendor>Cisco Systems, Inc</vendor><version>4.2.468.0</version><path>C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\opswat\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Cisco AnyConnect ISE Posture Module</name><vendor>Cisco Systems, Inc.</vendor><version>4.4.00209</version><path>C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\</path><category>Unclassified</category><process><diff>0</diff><pid>704</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\vpnagent.exe</path><hash>7D7502DE53F0282A7AFC98BE89F54D39FDEC3FAC2A1F32674C76967ADC695E09</hash></process><process><diff>0</diff><pid>1296</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\aciseagent.exe</path><hash>7E156520C184334D473506FFE8A482997581ACF6ABD34231FDEDC2B9A3A12066</hash></process><process><diff>0</diff><pid>3076</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\vpnui.exe</path><hash>0131258625A16B78125EB2081E8D5678671B6DE52DDA9E0813D4674618177DC3</hash></process><process><diff>0</diff><pid>3384</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\acise.exe</path><hash>8636F5761663A0EB9EDE263609B6AEF0EA52292E5B093AD4C453097583F365DD</hash></process><process><diff>0</diff><pid>15924</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\aciseposture.exe</path><hash>7FA4B3B6F688642E800AD53B865DBDCC163FBCA92D83482248DB068BA42192EA</hash></process></application><application><diff>0</diff><id></id><name>Cisco AnyConnect Profile Editor</name><vendor>Cisco Systems, Inc.</vendor><version>4.1.08005</version><path>C:\Program Files (x86)\Cisco\Cisco AnyConnect Profile Editor\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Cisco AnyConnect Secure Mobility Client </name><vendor>Cisco Systems, Inc.</vendor><version>4.4.00209</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Cisco AnyConnect Secure Mobility Client</name><vendor>Cisco Systems, Inc.</vendor><version>4.4.00209</version><path>C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\</path><category>Unclassified</category><process><diff>0</diff><pid>704</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\vpnagent.exe</path><hash>7D7502DE53F0282A7AFC98BE89F54D39FDEC3FAC2A1F32674C76967ADC695E09</hash></process><process><diff>0</diff><pid>1296</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\aciseagent.exe</path><hash>7E156520C184334D473506FFE8A482997581ACF6ABD34231FDEDC2B9A3A12066</hash></process><process><diff>0</diff><pid>3076</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\vpnui.exe</path><hash>0131258625A16B78125EB2081E8D5678671B6DE52DDA9E0813D4674618177DC3</hash></process><process><diff>0</diff><pid>3384</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\acise.exe</path><hash>8636F5761663A0EB9EDE263609B6AEF0EA52292E5B093AD4C453097583F365DD</hash></process><process><diff>0</diff><pid>15924</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\aciseposture.exe</path><hash>7FA4B3B6F688642E800AD53B865DBDCC163FBCA92D83482248DB068BA42192EA</hash></process></application><application><diff>0</diff><id></id><name>Cisco NAC Agent </name><vendor>Cisco Systems, Inc.</vendor><version>4.9.5.10</version><path>C:\Program Files (x86)\Cisco\Cisco NAC Agent\</path><category>Unclassified</category><process><diff>0</diff><pid>1444</pid><path>c:\program files (x86)\cisco\cisco nac agent\nacagent.exe</path><hash>502EF2A864254A2DF555E029BE2C39E94B111E8B01534D7161826650DE4CEB4D</hash></process><process><diff>0</diff><pid>2320</pid><path>c:\program files (x86)\cisco\cisco nac agent\nacagentui.exe</path><hash>DC617419F082BEAF26521E48CB410282631F93F1359E604A4D3D181A04FEE1FB</hash></process></application><application><diff>0</diff><id>293</id><name>DAEMON Tools Lite</name><vendor>Disc Soft Ltd</vendor><version>4.49.1.0356</version><path>C:\Program Files (x86)\DAEMON Tools Lite\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Digital Operatives PAINT Beta</name><vendor></vendor><version>0.0</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>FileZilla Server</name><vendor>FileZilla Project</vendor><version>beta 0.9.44</version><path>C:\Program Files (x86)\FileZilla Server\</path><category>Unclassified</category><process><diff>0</diff><pid>1408</pid><path>c:\program files (x86)\filezilla server\filezilla server.exe</path><hash>E8DB1409DB694A90C759F418346AE5D71014AE3513A8B865B50923AD0DFEE395</hash></process><process><diff>0</diff><pid>2348</pid><path>c:\program files (x86)\filezilla server\filezilla server interface.exe</path><hash>F57B0A7F4A9EBAACC1A67323EBB93D96FA910524FAE842953551DBA103EF71C5</hash></process></application><application><diff>0</diff><id>180</id><name>FileZilla</name><vendor>FileZilla Project</vendor><version>3.8.1.0</version><path>C:\Program Files (x86)\FileZilla FTP Client\</path><category>FileShare</category></application><application><diff>0</diff><id>39</id><name>Google Chrome</name><vendor>Google Inc.</vendor><version>55.0.2883.87</version><path>C:\Program Files (x86)\Google\Chrome\Application\</path><category>AntiPhishing,Browser</category></application><application><diff>0</diff><id></id><name>Google Update Helper</name><vendor>Google Inc.</vendor><version>1.3.24.15</version><category>Unclassified</category></application><application><diff>0</diff><id>100</id><name>Internet Explorer</name><vendor>Microsoft Corporation</vendor><version>11.0.9600.18524</version><path>C:\Program Files\Internet Explorer\</path><category>AntiPhishing,Browser</category></application><application><diff>0</diff><id></id><name>Java 7 Update 79</name><vendor>Oracle</vendor><version>7.0.790</version><path>C:\Program Files (x86)\Java\jre7\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Java 8 Update 91</name><vendor>Oracle Corporation</vendor><version>8.0.910.15</version><path>C:\Program Files (x86)\Java\jre1.8.0_91\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Java Auto Updater</name><vendor>Oracle Corporation</vendor><version>2.8.91.15</version><category>Unclassified</category></application><application><diff>0</diff><id>111</id><name>Java</name><vendor>Oracle Corporation</vendor><version>7.0.790.15</version><path>C:\Program Files (x86)\Java\jre7\bin\</path><category>Unclassified</category></application><application><diff>0</diff><id>111</id><name>Java</name><vendor>Oracle Corporation</vendor><version>8.0.910.15</version><path>C:\Program Files (x86)\Java\jre1.8.0_91\bin\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Microsoft .NET Framework 4.6.1</name><vendor>Microsoft Corporation</vendor><version>4.6.01055</version><path>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Microsoft Network Monitor 3.4</name><vendor>Microsoft Corporation</vendor><version>3.4.2350.0</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Microsoft Network Monitor: NetworkMonitor Parsers 3.4</name><vendor>Microsoft Corporation</vendor><version>3.4.2350.0</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148</name><vendor>Microsoft Corporation</vendor><version>9.0.30729.4148</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148</name><vendor>Microsoft Corporation</vendor><version>9.0.30729.4148</version><category>Unclassified</category></application><application><diff>0</diff><id>44</id><name>Mozilla Firefox</name><vendor>Mozilla Corporation</vendor><version>47.0.2</version><path>C:\Program Files (x86)\Mozilla Firefox\</path><category>AntiPhishing,Browser</category><process><diff>0</diff><pid>8292</pid><path>c:\program files (x86)\mozilla firefox\firefox.exe</path><hash>47F80E4FC4C43FAF468D94F5D51AAC78A125CC720FCBEA0B88B5F29D06719CE9</hash></process></application><application><diff>0</diff><id></id><name>Mozilla Maintenance Service</name><vendor>Mozilla</vendor><version>47.0.2.6148</version><category>Unclassified</category></application><application><diff>0</diff><id>298</id><name>Notepad++</name><vendor>Notepad++ Team</vendor><version>6.63</version><path>C:\Program Files (x86)\Notepad++\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Security Update for Microsoft .NET Framework 4.6.1 (KB3122661)</name><vendor>Microsoft Corporation</vendor><version>1</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Security Update for Microsoft .NET Framework 4.6.1 (KB3127233)</name><vendor>Microsoft Corporation</vendor><version>1</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Security Update for Microsoft .NET Framework 4.6.1 (KB3136000v2)</name><vendor>Microsoft Corporation</vendor><version>2</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Security Update for Microsoft .NET Framework 4.6.1 (KB3142037)</name><vendor>Microsoft Corporation</vendor><version>1</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Security Update for Microsoft .NET Framework 4.6.1 (KB3143693)</name><vendor>Microsoft Corporation</vendor><version>1</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Security Update for Microsoft .NET Framework 4.6.1 (KB3164025)</name><vendor>Microsoft Corporation</vendor><version>1</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>TP-LINK TL-WDN3200 Driver</name><vendor>TP-LINK</vendor><version>1.1.0</version><path>C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility and Driver\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Tftpd32 Standalone Edition (remove only)</name><vendor></vendor><version>0.0</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>VMware Tools</name><vendor>VMware, Inc.</vendor><version>9.4.15.2827462</version><path>C:\Program Files\VMware\VMware Tools\</path><category>Unclassified</category><process><diff>0</diff><pid>952</pid><path>c:\program files\vmware\vmware tools\vmtoolsd.exe</path><hash>5C642EF7F4EF65A0445B2C2CD227F9431835712EE7F1BD4D01D1F7472199DE47</hash></process><process><diff>0</diff><pid>1516</pid><path>c:\program files\vmware\vmware tools\vmtoolsd.exe</path><hash>5C642EF7F4EF65A0445B2C2CD227F9431835712EE7F1BD4D01D1F7472199DE47</hash></process></application><application><diff>0</diff><id></id><name>WinPcap 4.1.3</name><vendor>Riverbed Technology, Inc.</vendor><version>4.1.0.2980</version><category>Unclassified</category></application><application><diff>0</diff><id>300</id><name>WinPcap</name><vendor>Riverbed Technology, Inc.</vendor><version>4.1.0.2980</version><path>C:\Program Files (x86)\WinPcap\</path><category>Unclassified</category></application><application><diff>0</diff><id>923</id><name>Windows Backup and Restore</name><vendor>Microsoft Corporation</vendor><version>6.1.7600.16385</version><path>C:\Windows\System32\</path><category>BackupClient</category></application><application><diff>0</diff><id>362</id><name>Windows Defender</name><vendor>Microsoft Corporation</vendor><version>6.1.7600.16385</version><path>C:\Program Files\Windows Defender\</path><category>AntiMalware</category></application><application><diff>0</diff><id>283</id><name>Windows Firewall</name><vendor>Microsoft Corporation</vendor><version>6.1.7600.16385</version><path>C:\Windows\System32\</path><category>FireWall</category></application><application><diff>0</diff><id>1612</id><name>Windows Media Player</name><vendor>Microsoft Corporation</vendor><version>12.0.7601.23517</version><path>C:\Program Files\Windows Media Player\</path><category>Unclassified</category><process><diff>0</diff><pid>1596</pid><path>c:\program files\windows media player\wmpnetwk.exe</path><hash>306467D280E99D0616E839278A4DB5BED684F002AE284C3678CABB5251459CB3</hash></process></application><application><diff>0</diff><id>1587</id><name>Windows Security Health Agent</name><vendor>Microsoft Corporation</vendor><version>6.1.7600.16385</version><path>C:\Windows\System32\</path><category>HealthAgent</category></application><application><diff>0</diff><id>1090</id><name>Windows Update Agent</name><vendor>Microsoft Corporation</vendor><version>7.6.7601.19161</version><path>C:\Windows\System32\</path><category>PatchManagement</category></application><application><diff>0</diff><id>1106</id><name>Windows VPN Client</name><vendor>Microsoft Corporation</vendor><version>6.1.7600.16385</version><path>C:\Windows\System32\</path><category>VPNClient</category></application><application><diff>0</diff><id>207</id><name>Wireshark</name><vendor>The Wireshark developer community</vendor><version>1.10.7</version><path>C:\Program Files (x86)\Wireshark\</path><category>Unclassified</category></application></check></package></report> ]]
...

    所有报告是XML字符串。示例被格式化的报告:

    <report>
	<version>1000</version>
	<package>
		<id>12</id>
		<status>1</status>
		<check>
			<chk_id>Apps_Collection</chk_id>
			<diff>0</diff>
			<application>
				<diff>0</diff>
				<id>104</id>
				<name>Adobe Flash Player</name>
				<vendor>Adobe Systems Inc.</vendor>
				<version>23.0.0.207</version>
				<path>C:\Windows\SysWOW64\Macromed\Flash\</path>
				<category>Unclassified</category>
			</application>
...
			<application>
				<diff>0</diff>
				<id></id>
				<name>Cisco AnyConnect ISE Posture Module</name>
				<vendor>Cisco Systems, Inc.</vendor>
				<version>4.4.00209</version>
				<path>C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\</path>
				<category>Unclassified</category>
				<process>
					<diff>0</diff>
					<pid>704</pid>
					<path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\vpnagent.exe</path>
					<hash>7D7502DE53F0282A7AFC98BE89F54D39FDEC3FAC2A1F32674C76967ADC695E09</hash>
				</process>
				<process>
					<diff>0</diff>
					<pid>1296</pid>
					<path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\aciseagent.exe</path>
					<hash>7E156520C184334D473506FFE8A482997581ACF6ABD34231FDEDC2B9A3A12066</hash>
				</process>
				<process>
					<diff>0</diff>
					<pid>3076</pid>
					<path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\vpnui.exe</path>
					<hash>0131258625A16B78125EB2081E8D5678671B6DE52DDA9E0813D4674618177DC3</hash>
				</process>
				<process>
					<diff>0</diff>
					<pid>3384</pid>
					<path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\acise.exe</path>
					<hash>8636F5761663A0EB9EDE263609B6AEF0EA52292E5B093AD4C453097583F365DD</hash>
				</process>
				<process>
					<diff>0</diff>
					<pid>15924</pid>
					<path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\aciseposture.exe</path>
					<hash>7FA4B3B6F688642E800AD53B865DBDCC163FBCA92D83482248DB068BA42192EA</hash>
				</process>
			</application>
    ...
		</check>
	</package>
</report>

    AnyConnect发送仅报告全文关于第一个连接。进一步它发送仅更改。例如, Notepad++在一些时间以后开始了:

    2017-01-04 19:24:37,929 DEBUG  [http-bio-10.48.26.60-8443-exec-7][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Received posture request [parameters: reqtype=, userip=10.62.148.162, clientmac=C0-4A-00-15-75-C8, os=, osVerison=1.2.1.6.1.4, architecture=, provider=, state=, userAgent=Mozilla/4.0 (compatible; WINDOWS; 1.2.1.6.1.4; AnyConnect Posture Agent v.4.4.00209), session_id=
2017-01-04 19:24:37,929 DEBUG  [http-bio-10.48.26.60-8443-exec-7][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Found a session info for endpoint C0-4A-00-15-75-C8 cisco
2017-01-04 19:24:37,929 DEBUG  [http-bio-10.48.26.60-8443-exec-7][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Got userid cisco from cache for endpoint C0-4A-00-15-75-C8/
2017-01-04 19:24:37,929 DEBUG  [http-bio-10.48.26.60-8443-exec-7][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Report IV in Base64: JjneGgZcJbmjqMKQcy8kJg==
2017-01-04 19:24:37,929 DEBUG  [http-bio-10.48.26.60-8443-exec-7][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Using AES shared secret to decrypt report.
2017-01-04 19:24:37,929 DEBUG  [http-bio-10.48.26.60-8443-exec-7][] cisco.cpm.posture.util.CipherUtil -::::- Decrypting message using AES.
2017-01-04 19:24:37,930 DEBUG  [http-bio-10.48.26.60-8443-exec-7][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Decrypted report [[ <report><version>1000</version><package><id>12</id><status>1</status><check><chk_id>Apps_Collection</chk_id><diff>1</diff><application><diff>2</diff><id>298</id><name>Notepad++</name><vendor>Notepad++ Team</vendor><version>6.63</version><path>C:\Program Files (x86)\Notepad++\</path><category>Unclassified</category><process><diff>0</diff><pid>16460</pid><path>c:\program files (x86)\notepad++\notepad++.exe</path><hash>43E9F528CD2405E6DD117857D440A634769C6E11C4D986605354C2605B6E7D84</hash></process></application></check></package></report> ]]

    格式化:

    <report>
	<version>1000</version>
	<package>
		<id>12</id>
		<status>1</status>
		<check>
			<chk_id>Apps_Collection</chk_id>
			<diff>1</diff>
			<application>
				<diff>2</diff>
				<id>298</id>
				<name>Notepad++</name>
				<vendor>Notepad++ Team</vendor>
				<version>6.63</version>
				<path>C:\Program Files (x86)\Notepad++\</path>
				<category>Unclassified</category>
				<process>
					<diff>0</diff>
					<pid>16460</pid>
					<path>c:\program files (x86)\notepad++\notepad++.exe</path>
					<hash>43E9F528CD2405E6DD117857D440A634769C6E11C4D986605354C2605B6E7D84</hash>
				</process>
			</application>
		</check>
	</package>
</report>

    从AnyConnect

    文件AnyConnect_ISEPosture.txt包含所有相关日志和调试。此文件可以在终端收集的箭套件找到。这是安排报表的示例,它用AES256加密:

    ******************************************

Date        : 01/04/2017
Time        : 19:34:38
Type        : Unknown
Source      : acise

Description : Function: Authenticator::bldMonitorReport
Thread Id: 0xD3C
File: Authenticator.cpp
Line: 724
Level: info

Monitor Report: &user_key=dummykey&cm=10&ops=1&mac_list=C0%3a4A%3a00%3a15%3a75%3aC8&ip_list=10%2e62%2e148%2e162&hostname=TSOPREK%2dWIN7%2d1&udid=766bb955e51e4ab063fd478c63acee81260ca592&dm_report_client_IV=JjneGgZcJbmjqMKQcy8kJg%3d%3d&dm_report=2yWwY7QzHWCY%2fDVEESSAabEZtYLtxNE7QgyOOa85Dgo2Ts4ok8sIrBM37S2%2fe2Hs0URCP4KkfY4Ap8%2bh%2fqS%2biw50CZejKG%2bVbF7RTRqZyrg2veWAwvEDsSb%2bqWRRdzvZfSjS3G4ApQi07qnfExwN1IvCqrVOplj17TAcVXEht8NkDg0OT9jM%2fTNH%2fMKllc0o6Ha5juJo4YtWDWY%2bnOancw%3d%3d. 

******************************************

Date        : 01/04/2017
Time        : 19:34:38
Type        : Unknown
Source      : acise

Description : Function: Authenticator::buildAndSendHttpMsg
Thread Id: 0xD3C
File: Authenticator.cpp
Line: 196
Level: debug

MSG_SN_HTTP_REQUEST, {{url="https://ise22-pri.example.com:8443/auth/perfigo_validate.jsp"}, {server="ise22-pri.example.com"}, {method="post"}, {object_path=""}, {reuse_existing=1}, {close_when_done=0}, {pkt="&user_key=dummykey&cm=10&ops=1&mac_list=C0%3a4A%3a00%3a15%3a75%3aC8&ip_list=10%2e62%2e148%2e162&hostname=TSOPREK%2dWIN7%2d1&udid=766bb955e51e4ab063fd478c63acee81260ca592&dm_report_client_IV=JjneGgZcJbmjqMKQcy8kJg%3d%3d&dm_report=2yWwY7QzHWCY%2fDVEESSAabEZtYLtxNE7QgyOOa85Dgo2Ts4ok8sIrBM37S2%2fe2Hs0URCP4KkfY4Ap8%2bh%2fqS%2biw50CZejKG%2bVbF7RTRqZyrg2veWAwvEDsSb%2bqWRRdzvZfSjS3G4ApQi07qnfExwN1IvCqrVOplj17TAcVXEht8NkDg0OT9jM%2fTNH%2fMKllc0o6Ha5juJo4YtWDWY%2bnOancw%3d%3d"}, {path=""}, {type=1}}. 

******************************************

Date        : 01/04/2017
Time        : 19:34:39
Type        : Unknown
Source      : acise

Description : Function: HttpHandler::createOutgoingHTTPSMessage
Thread Id: 0xD3C
File: HttpHandler.cpp
Line: 295
Level: debug

MSG_NS_HTTP_RESPONSE, {{success=1}, {pkt="<!--error=0--><!--X-Perfigo-DM-Error=0--><!--X-Perfigo-Monitoring-Interval=5-->"}, {type=1}}.

    常见问题

    AnyConnect不能到达ISE

    在这种情况下AnyConnect_ISEPosture.txt包含错误:

    ******************************************

Date        : 01/04/2017
Time        : 20:04:40
Type        : Unknown
Source      : acise

Description : Function: Authenticator::buildAndSendHttpMsg
Thread Id: 0xD3C
File: Authenticator.cpp
Line: 196
Level: debug

MSG_SN_HTTP_REQUEST, {{url="https://ise22-pri.example.com:8443/auth/perfigo_validate.jsp"}, {server="ise22-pri.example.com"}, {method="post"}, {object_path=""}, {reuse_existing=1}, {close_when_done=0}, {pkt="&user_key=dummykey&cm=10&ops=1&mac_list=C0%3a4A%3a00%3a15%3a75%3aC8&ip_list=10%2e62%2e148%2e162&hostname=TSOPREK%2dWIN7%2d1&udid=766bb955e51e4ab063fd478c63acee81260ca592&dm_report_client_IV=JjneGgZcJbmjqMKQcy8kJg%3d%3d&dm_report=2yWwY7QzHWCY%2fDVEESSAabEZtYLtxNE7QgyOOa85Dgo2Ts4ok8sIrBM37S2%2fe2Hs0URCP4KkfY4Ap8%2bh%2fqS%2biw50CZejKG%2bVbF7RTRqZyrg2veWAwvEDsSb%2bqWRRdzvZfSjS3G4ApQi07qnfExwN1Pdu7AztTn%2f3VYph9WNF1jGljXSuTFmr38e%2bvDXQnx7avYHs9meVItYqA6MecAJK3WdkBNSrK1bYjmIvzkAPqR2LuoflnA9IcNOTZQ9iN%2fknOjlLqsiV5eV6jlMSUeOakKsTwy1gbPsFz99eKdtaCMv1F%2fsAmvLApjpke0IMKorXXkvpJURtAtOMK75ltXdykC85ihgHcI10JW7mlpvIppk5MbCZjihQbXldr5%2fQVdpB8eRqMHF1iCK1gx96lwwdzBSfr%2bgrcF4072fYYNOa9cYnTFShgU%2bxrnBDcJ1GUoYE9K5nTfGQ01p4NrcbLjpM79e14v14YgfQhmSfktwxfA8pY7A6jmL3BIp3O9gmQVnoTqaaccqkW76uT%2bPkjVOyrOgdG0CYwUwUMVqpctGKorxx1C3IwXhBWUmvRY9p2LRdePRqnCN8hpiesyk%2bzTnyX0OaNdHD6%2bGEMGo9QjQvwrL9dcvrUxxHtlQcJPekXajXPfn98FpC8z%2b966tcz4DfMN6giSlEfK6y5%2bMpk0oAL%2fV4XMg296PDocGaeTK1OUR7Qkl%2b7S2fv%2fCfZdiQaTndZ6zHWuimq5JBRElmuKI9hWRN2cPERcDn64ISZZSiz9yPoJPlPPpFsfggkc2PdS0OEEtMiM%2bBjNKcFx2Tcsq76eYfDtvDq9tGzjST8opInlIiXdAzdbeWsjCAerCvS73xg2vd2DHfpFlrd5lVa3qwo3Vov3nFiAz4l3IrI1fOHjAE7rCZTy2dWU455icOjmO%2bCVAS3SzWCea4fZu3fAhmIhAVQKE1cFZ4CyyBv8934OVw62Bxu5ij0wbHOStA8TSbxJXyuGBw8cqTPfuUtqPLx6nWtcRZ6p13MuQTq%2bKZLZ7hwY2Urf1o1Gi9OPGyo5zuJZAuQInU%2bkJKU6ycXHZo17Uti3DITCy0%2fG%2bQ2gixzBIpmJctekKJO243rZiU1wbOUPWLzGum8ydRu3im2LiDisXquAu7ipY5P0D475AZN3Cd6nlIPP5MOra493QhX4Il39q%2birT1%2f5F7tI%2fKLv20fWFC%2fjKbfu%2bFe4QIbdtiSCvLkyZ%2bWDwBMWSXHGE11CoErbj4LJP3h4oqLto17riGCYMb%2bRHZXNJA2bwjcfgY4w2FE4hrL0cC6D3YgZxHHpUeT4gMXoXj0EJwODxQwElc9yfoe%2bDgJ4Fy6%2fXc0ymDFYU7oOouAc0nwPKZwhZn4Q3mMZIG5aeOFcx9IM6M47IcMMbo0r78aUk8M94h5f4sK6JxHz75B6JyTx3H%2bxFDJ3j5UtUYj1oir4CLQJgR8ABhMDGxqhAN4c4wA4y790bh2F5PxkVXMGYb4ghFNt3jIHGXRMENPTYkelnD0fa1mMmhJUXE%2fVAshJ8aZwcGCU%2fNhSkCATRXb5UDAmeaSkwe3m4bcRtfBbNZ1l5CNQVH8ZPZsKlGCNpD6dOYkSxa%2ffErYqImEzm9itwSzUujQXI%2f8%2f%2fKewc9jeBujwHqnjuIYg5sJbjk%2bqc%2fwy5hKHTbxFacnFJlgvJhHt3mht8oRC9EbbsULoAK1fvLe4%2fE%2bqFjOe02bw4sQuu1ssMKxLsNQMCTIZFzhl0K6BZdfo1RonKG0MEG1K%2ftSDNC4eyQw9ewYhgpozDVHW1yprpVY9UgcTvFVSh0Vy%2bWde4b0dtmPdhbQhvvsQOSgnxIX6a8GN4AwXEoE7CoP6%2fFZiTAJTuxUKMjC1m8iAsrAurJugnEgaKKugSNkl9y7bgSiYB6zkthDclEyBFWc1rAEcfH6oMJs59aJodXnPSAA9FuyqLCWB%2f3WFZ03efhTviz2101G8%2fsWMxR0w%2fR56oNH2wzUwkmh9oczFaYLpJPzg6k47oh1zmDJraqyvWgzzfPIipa7EKK8YvsuO4BCFgMrDZtYZnCO6B9CFoKDCNJE9Wxl%2bhTdzFCA4GpeLE4nT7y1j113iTV%2faWyImNLaRMU2ZiwuKy%2bd2OH55LqnLBCxrUUIMH7Ku4Mhd%2fYvw1NVpcZZ0L%2bWOkMoephk2XXE4OQAY7Rk%2f%2fRnCbbHlFOVQmEVOoxNneBElleajK%2fxX6C0BZBaebAVYluwdGkkktvgQ5gUvzMiyqbsvzyUMzq%2fhqKY7vVMWUeyCsBnybuGPSILJIkMgdgjiz%2baUZsOyZsUE%2b7PPyiqphqXNRfQ6tj8wTzq7a2Z5XgCYI10Piqj1mg6hY1TiRYuPanyBqh61LFKxblkpQJX2339pqB4RBOzF4%2f3CsvfjU302NSU9fypX5dBYubAZt80DOBe84FSnQIX3pfX2%2fW9LqclyWbxC2QSOfHoe6TgkCiOall%2fqUHWqeOogbgLO5s5ffBoNmUCxhJW%2fH1EqKcsFzA%2ba%2f2Q0%2bs2m99Rqlxdd55bg67LXVPGfKh2dbVHjghXjO90nLEtVwCfs8oMUIg%2bmnip%2fdA7wDz4Nsma2W0ugEhOjpfFbL2TxHLhE0r%2bwy3t%2bosvtaXNJZg84LJKpt3J%2bmc0pnIBH5S5H7zrNDKUnIYXY8BD5n1clZi4wwkRIp62avJw7lN22zNHsjp7NUjTYw9X%2f1Iti1TKxjPZuitU%2bITeCRRHzeoaeGbzE1E%2bGSSqemw7F1wx4w9JXHDajH%2bY4iX7z2Y4OrY1JQQleeS9KWzw5HdiCpuHmhMtLMSpz%2fGagw7KeaLEe9FxwrOYILS%2fXuBStZ1XOpbQHIlH0ZdQbv2I%2bA%2f3j3GvalSul%2f0YVWlPPPIC2OgkSSbd4HyXXh9TEB8dhDmfucy5VEZ5MsuOTgytkALNSK0t9cyvsAcWTQf0uVAMnyBeaMPJAvdE9fXUiH628eMD9PHvt3cL0GYdRR9WBUcszIFtJNIA5AXj7abdbc6VZ8DqX4YfJ1xgTqg2qKSJqXvtbi5BJU49BGaxu01Ta6eBo2ABLtgBxKzb8DYNYqyqRB%2bYkgr5YdU6z6va15jQJYGUJYVwZ8xDsKvYHz1fUFAHldzxkq44myNAjD1H0DoYhQaXUl20UXkgO9w5kBqTfmKj9DOJhs5Q88ilebAbHHxm3GTZSJpP51jQjsPSUi3doX3Mz8E7W5pYptxtW1XPwcSHhkxuhWjbVKKQRTgM5uSXCPQ0PDAqcc6NybV2t1BK3GhQSPzsQ5k3wkldK7CYuUWMpKTMNLZDVF8i25DoGpA0K5m5s3VMAukLA9Gob5ysU%2fsu2TVBrJZDOsa3L%2bNoF2b01f8BC32e. 

******************************************

Date        : 01/04/2017
Time        : 20:04:41
Type        : Unknown
Source      : acise

Description : Function: hs_transport_winhttp_post
Thread Id: 0xD3C
File: hs_transport_winhttp.c
Line: 5776
Level: debug

unable to send request: 12029. 

******************************************

Date        : 01/04/2017
Time        : 20:04:41
Type        : Unknown
Source      : acise

Description : Function: HttpHandler::createOutgoingHTTPSMessage
Thread Id: 0xD3C
File: HttpHandler.cpp
Line: 295
Level: debug

MSG_NS_HTTP_RESPONSE, {{success=0}, {pkt=""}, {type=1}}. 

******************************************

Date        : 01/04/2017
Time        : 20:04:41
Type        : Error
Source      : acise

Description : Function: Authenticator::parsePostureData
Thread Id: 0xD3C
File: Authenticator.cpp
Line: 257
Level: error

Failed to communicate with CAS.. 

******************************************

Date        : 01/04/2017
Time        : 20:04:41
Type        : Error
Source      : acise

Description : Function: SMNavPosture::SMP_handleMonitorResp
Thread Id: 0xD3C
File: SMNavPosture.cpp
Line: 495
Level: error

Failed to parse monitor response. 

    ***************************************** 

    当创建从EP视图时的App标准ISE投掷“零位”错误

    多数常见原因有“空”消息在App标准的创建时从EP视图的是缺乏必需的OPSWAT图。对多数最新版本的状态更新应该调整此问题。

    TAC Authored

    由思科工程师提供

    • Vitaly Kumov
      Cisco TAC工程师

    此文档是否有帮助?

    Feedback反馈

    联系我们

    相关的思科社区讨论

    本文档适用于以下产品