Okay, I think I get some of that. Here's the example I'm confused by:

*Condition 1*
Cisco:PA:OS-Type contains Windows 2000 AND Cisco:Host:Hotfixes=KB14478
Posture Token= Cisco:Host:Healthy

*Condition 2*
Default Posture Token Cisco:Host:Quarantine

Now in this case, what is the difference in me using Cisco:Host instead of Cisco:PA for the posture tokens (healthy and quarantine)??

Thanks for all your help mate, it's appreciated.

Paul.

On Sat, Apr 10, 2010 at 5:27 PM, Brandon Carroll <[email protected]> wrote:

> I understand. It can be frustrating.
>
> So basically yes you need the CTA to get the posture information back to
> ACS. Take a read of this:
> http://www.cisco.com/en/US/docs/security/cta/admin_guide/ctaPlugn.html#wp1043483
> and if it's still giving you a hard time let me know.
>
> Basically you have application posture tokens that can be different. So
> Cisco:Host values can posture to healthy and Cisco:PA can posture to
> Quarantine. Then of the two different application posture tokens ACS takes
> the lowest value, in this case Quarantine and assigns that as the System
> Posture Token. Here is another way to look at it.
>
> Let's say you want to see the following:
>
> Cisco:Host:HotFixes=KB65643
> and that equals Healthy else assign Quarantine as the Application Posture
> Token.
>
> and
>
> Cisco:PA:OS-Type=Windows XP Professional
> and that equals Healthy else assign Quarantine as the Application Posture
> Token.
>
> If both items are true the System Posture Token would be Healthy.
>
> If only 1 is true the other will assign the Application Posture Token of
> Quarantine and ACS looks at both, picks the lowest and assigns the System
> Posture Token to Quarantine.
>
> HTH
>
> Regards,
>
> Brandon Carroll - CCIE #23837
> Senior Technical Instructor - IPexpert
> Mailto: [email protected]
> Telephone: +1.810.326.1444
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
> CCIE (R&S, Voice, Security & Service Provider) certification(s) with
> training locations throughout the United States, Europe, South Asia and
> Australia. Be sure to visit our online communities at
> www.ipexpert.com/communities and our public website at www.ipexpert.com
>
> On Apr 10, 2010, at 9:07 AM, Paul Alexander wrote:
>
> > ssign a token of 'Cisco:PA Healthy' as opposed to 'Cisc
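The token selection described in the quoted reply, as an added example that is not part of the original thread and is not Cisco's code: each application namespace (Cisco:Host, Cisco:PA) gets its own Application Posture Token from its policy, and the worst of them becomes the System Posture Token. The policy layout, function names, sample credentials and the full severity order beyond Healthy and Quarantine are assumptions made for the illustration.

```python
# Best-to-worst order. The thread only uses Healthy and Quarantine; the other
# tokens and their positions are assumed for this example.
SEVERITY = ["Healthy", "Checkup", "Transition", "Quarantine", "Infected", "Unknown"]

OPS = {
    "=": lambda actual, want: actual == want,
    "contains": lambda actual, want: want in actual,
}

def rule_matches(conditions, creds):
    """All conditions are ANDed; an attribute the client never sent cannot match."""
    return all(attr in creds and OPS[op](creds[attr], want)
               for attr, op, want in conditions)

def application_token(policy, creds):
    """First matching rule wins; otherwise the policy's default token applies."""
    for conditions, token in policy["rules"]:
        if rule_matches(conditions, creds):
            return policy["app"], token
    return policy["app"], policy["default"]

def system_token(policies, creds):
    """Return (System Posture Token, per-application tokens).

    "Lowest" in the thread means the least healthy token, which is the
    highest index in SEVERITY.
    """
    apts = dict(application_token(p, creds) for p in policies)
    return max(apts.values(), key=SEVERITY.index), apts

# The two policies from the quoted reply, one per application namespace.
POLICIES = [
    {"app": "Cisco:Host", "default": "Quarantine",
     "rules": [([("Cisco:Host:HotFixes", "=", "KB65643")], "Healthy")]},
    {"app": "Cisco:PA", "default": "Quarantine",
     "rules": [([("Cisco:PA:OS-Type", "=", "Windows XP Professional")], "Healthy")]},
]

if __name__ == "__main__":
    # Constructed credentials: correct OS type, hotfix attribute missing.
    creds = {"Cisco:PA:OS-Type": "Windows XP Professional"}
    spt, apts = system_token(POLICIES, creds)
    print(spt, apts)
```

The per-application result shows which namespace pulled the system token down, which is the practical difference between assigning a token under Cisco:Host and under Cisco:PA.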
