cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1737
Views
0
Helpful
0
Replies

Anyconnect Hostscan question

georgehewittuk1
Level 1
Level 1

The Catalina Mac OS is not compatabile with hostscan so VPN can't be used on laptops with the new OS.

 

We are needing to upgrade (https://www.cisco.com/c/en/us/td/docs/security/asa/migration/guide/HostscanMigration43x-46x.html) but the question i have is there any way to have hostscan working for the older macs/windows but turn off for newer macs.

 

From my understanding no Hostscan has to be on due to the way it works and classify all endpoints otherwise it can be 'fooled' or is pointless.

 

From the workaround on the field notice I believe the only workaround is to do the migration or turn off completley for all endpoints.

 

https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70445.html

" Workaround

If an upgrade to HostScan package 4.8.00175 or later is not an option, administrators of systems with HostScan package 4.3.x and earlier can disable HostScan on their ASA head-end in order to restore VPN connectivity. If disabled, all HostScan posture functionality and dynamic access policies (DAPs) that depend on endpoint information will be unavailable."

 

Any thoughts/comments would be appreciated on design.

 

Thanks

0 Replies 0