For those of you who are working on the CCNP Security and are being taught that you must use and Inline Posture Enforcement Point (IPEP) or what I often call an Inline Posture Node (IPN), with an ASA for ISE policy application, that should now come with a caveat. The caveat is that Cisco ASA 9.2(1) now offers support for Radius Change-of-Authorization. This means you go from the following:
With CoA Support we can now do the following:
Of course that’s very high level, but you should get the point that the IPN is no longer
required. Still, for the SISAS exam unless Cisco updates the content of the course/exam, this feature did not exist when it was written and you should still refer to the IPN deployment scenario.