Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1724
Views
0
Helpful
0
Replies

Anyconnect Hostscan question

georgehewittuk1
Level 1
Level 1

‎08-04-2020 02:37 PM - edited ‎08-04-2020 02:40 PM

The Catalina Mac OS is not compatabile with hostscan so VPN can't be used on laptops with the new OS.

 

We are needing to upgrade (https://www.cisco.com/c/en/us/td/docs/security/asa/migration/guide/HostscanMigration43x-46x.html) but the question i have is there any way to have hostscan working for the older macs/windows but turn off for newer macs.

 

From my understanding no Hostscan has to be on due to the way it works and classify all endpoints otherwise it can be 'fooled' or is pointless.

 

From the workaround on the field notice I believe the only workaround is to do the migration or turn off completley for all endpoints.

 

https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70445.html

" Workaround

If an upgrade to HostScan package 4.8.00175 or later is not an option, administrators of systems with HostScan package 4.3.x and earlier can disable HostScan on their ASA head-end in order to restore VPN connectivity. If disabled, all HostScan posture functionality and dynamic access policies (DAPs) that depend on endpoint information will be unavailable."

 

Any thoughts/comments would be appreciated on design.

 

Thanks

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents