I think we're talking about something different. You mention that the difference is in the values you match on. That's when you create the actual conditions (PA:OS, Host:Hotfixes, Host:Kernel etc).
After that you assign a posture token to the condition set... the option is Cisco:Host or Cisco:PA (healthy, quarantine etc etc).

If you create an AND logic condition that includes Cisco:PA and Cisco:Host match statement - they all still need to match before it can assign a token, right? So when choosing the type of token to assign, why would you assign a Cisco:Host token over a Cisco:PA token?

Sorry for battering this to death, but I'm not quite getting it.

Regards,
Paul

On Sat, Apr 10, 2010 at 6:24 PM, Brandon Carroll <[email protected]> wrote:
> The difference is in the values you are matching on.
>
> Regards,
>
> Brandon Carroll - CCIE #23837
> Senior Technical Instructor - IPexpert
> Mailto: [email protected]
> Telephone: +1.810.326.1444
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com
>
> On Apr 10, 2010, at 10:18 AM, Paul Alexander <[email protected]> wrote:
>
> Okay, I think I get some of that. Here's the example I'm confused by:
>
> *Condition 1*
> Cisco:PA:OS-Type contains Windows 2000
> AND
> Cisco:Host:Hotfixes=KB14478
>
> Posture Token= Cisco:Host:Healthy
>
> *Condition 2*
> Default
>
> Posture Token Cisco:Host:Quarantine
>
> Now in this case, what is the difference in me using Cisco:Host instead of Cisco:PA for the posture tokens (healthy and quarantine)??
>
> Thanks for all your help mate, it's appreciated.
>
> Paul.
>
> On Sat, Apr 10, 2010 at 5:27 PM, Brandon Carroll <[email protected]> wrote:
>
>> I understand. It can be frustrating.
>>
>> So basically yes, you need the CTA to get the posture information back to ACS. Take a read of this:
>> http://www.cisco.com/en/US/docs/security/cta/admin_guide/ctaPlugn.html#wp1043483
>> and if it's still giving you a hard time let me know.
>>
>> Basically you have application posture tokens that can be different. So Cisco:Host values can posture to healthy and Cisco:PA can posture to Quarantine. Then of the two different application posture tokens ACS takes the lowest value, in this case Quarantine, and assigns that as the System Posture Token. Here is another way to look at it.
>>
>> Let's say you want to see the following:
>>
>> Cisco:Host:HotFixes=KB65643
>> and that equals Healthy, else assign Quarantine as the Application Posture Token.
>>
>> and
>>
>> Cisco:PA:OS-Type=Windows XP Professional
>> and that equals Healthy, else assign Quarantine as the Application Posture Token.
>>
>> If both items are true the System Posture Token would be Healthy.
>>
>> If only 1 is true the other will assign the Application Posture Token of Quarantine and ACS looks at both, picks the lowest and assigns the System Posture Token to Quarantine.
>>
>> HTH
>>
>> Regards,
>>
>> Brandon Carroll - CCIE #23837
>> Senior Technical Instructor - IPexpert
>>
>> On Apr 10, 2010, at 9:07 AM, Paul Alexander wrote:
>>
>> ssign a token of 'Cisco:PA Healthy' as opposed to 'Cisc
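
The aggregation described in the quoted reply (one Application Posture Token per application, with the lowest one becoming the System Posture Token), as an added example that is not part of the original thread and is not ACS code or configuration. The function names, the policy data structure and the sample credentials are assumptions made for illustration, and only the two tokens named in the thread are ranked.

```python
# Simplified model of the evaluation described in the thread (added example).
# Only the two tokens named in the thread are ranked; lower rank = worse.
RANK = {"Quarantine": 0, "Healthy": 1}

def condition_matches(cond, creds):
    """cond is (attribute, operator, wanted value); creds is what the client reported."""
    attr, op, want = cond
    have = creds.get(attr)
    if have is None:
        return False  # attribute not reported by the client
    if op == "=":
        return have == want
    if op == "contains":
        return want in have
    raise ValueError(f"unsupported operator: {op}")

def application_token(policy, creds):
    """First rule whose conditions ALL match (AND logic) wins; otherwise the default."""
    for conditions, token in policy["rules"]:
        if all(condition_matches(c, creds) for c in conditions):
            return token
    return policy["default"]

def system_token(policies, creds):
    """Return (SPT, {application: APT}); the SPT is the lowest-ranked APT."""
    apts = {p["application"]: application_token(p, creds) for p in policies}
    return min(apts.values(), key=RANK.__getitem__), apts

# The two checks from the reply above, modelled as one policy per application.
POLICIES = [
    {"application": "Cisco:Host",
     "rules": [([("Cisco:Host:HotFixes", "=", "KB65643")], "Healthy")],
     "default": "Quarantine"},
    {"application": "Cisco:PA",
     "rules": [([("Cisco:PA:OS-Type", "=", "Windows XP Professional")], "Healthy")],
     "default": "Quarantine"},
]

# Constructed sample credentials (not captured from a real client).
PATCHED_XP = {"Cisco:Host:HotFixes": "KB65643",
              "Cisco:PA:OS-Type": "Windows XP Professional"}
UNPATCHED_XP = {"Cisco:Host:HotFixes": "KB00000",  # placeholder hotfix id
                "Cisco:PA:OS-Type": "Windows XP Professional"}

if __name__ == "__main__":
    for name, creds in [("patched", PATCHED_XP), ("unpatched", UNPATCHED_XP)]:
        spt, apts = system_token(POLICIES, creds)
        print(name, apts, "-> SPT", spt)
```

In the unpatched case the Cisco:PA token is still Healthy, but the Cisco:Host token of Quarantine is lower, so it becomes the System Posture Token.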
