Anyconnect posture validation

Anand Thakur
Level 1

Hello All,

I am trying to configure posture validation on my Cisco ASA with AnyConnect. I have uploaded the host scan image and the CSD image on the firewall and enabled both.

After that, I configured a Dynamic Access Policy (DAP) to check whether the system from which the user is trying to connect has Symantec Endpoint Protection installed and whether it has been updated within the last 15 days. As per the recommendation from Cisco, I have disabled the Default policy. With this policy in place, if I try to connect to the VPN from a laptop which is compliant with the condition, I am unable to connect.

Attaching the screenshot of the policy I have configured; please let me know if anything more has to be done.


Result of the command: "show version"

Cisco Adaptive Security Appliance Software Version 8.4(7)23
Device Manager Version 7.3(3)

Compiled on Tue 09-Sep-14 15:45 by builders
System image file is "disk0:/asa847-23-k8.bin"
Config file at boot was "startup-config"

AP-PUNE-ASA up 32 days 3 hours

Hardware:   ASA5510-K8, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
                             Number of accelerators: 1

 0: Ext: Ethernet0/0         : address is 001b.2a34.b77a, irq 9
 1: Ext: Ethernet0/1         : address is 001b.2a34.b77b, irq 9
 2: Ext: Ethernet0/2         : address is 001b.2a34.b77c, irq 9
 3: Ext: Ethernet0/3         : address is 001b.2a34.b77d, irq 9
 4: Ext: Management0/0       : address is 001b.2a34.b779, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5510 Security Plus license.

Serial Number: JMX1116L1BK
Running Permanent Activation Key: 0x62037353 0x3425458a 0xccf1d564 0xae340060 0x0d1007a4
Configuration register is 0x1
Configuration last modified by inat8222a at 12:14:47.316 IST Wed Mar 25 2015


Regards,

Anand
