Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1588
Views
0
Helpful
4
Replies

ASA Host Scan

tholmes
Level 1
Level 1

‎12-10-2010 06:53 AM - edited ‎03-11-2019 12:20 PM

Hello,

I've recently installed an ASA5520 running 8.2.3.

The customer requires VPN Client and Clientless end point threat assessment.

I understand there is a license needed to enable end point assessment but would I also need a NAC appliance or does the ASA provide some basic end point checks.

I know that CSD does a very limited check, but it does not look for malware, Trojans, patches and anti-virus software levels etc

When I look at the Host Scan configuration on the ASDM is comes up with a box saying "Host Scan only available in Version 8.4 or later"

Cisco have ended the CSA and not replaced it, that would have been a good solution.

Any info on Host Scan or whether I need a separate NAC bundle would most appreciated

Regards Tony

Labels:
0 Helpful
4 Replies 4

Jennifer Halim
Cisco Employee
Cisco Employee

‎12-10-2010 03:49 PM

Host Scan is only going to check the end point to ensure that the correct anti virus, anti spyware and personal firewall is enabled with the correct version and update. It will not be in any way the replacement for CSA where it is a host IPS.

Unfortunately there is no direct replacement for CSA within Cisco Security portfolio.

Here is the EOL notification for CSA which has referenced to that:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5739/ps2330/end_of_life_c51-602579.html

You might want to discuss this further with your Cisco AM.

Hope that helps.

0 Helpful

tholmes
Level 1
Level 1
In response to Jennifer Halim

‎12-12-2010 08:38 AM

Hi Jennifer,

Thanks for the reply, If Host Scan can do even limited end point assessment then that is very useful, considering the cost of a NAC appliance.

I'll check  into the reference to 8.4 with Cisco

Cheers Tony

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to tholmes

‎12-12-2010 02:34 PM

Host Scan can only check the end point to ensure that the  correct anti virus, anti spyware and personal firewall is enabled with  the correct version and update, ensuring that the end point is protected. It will not actually scan or provide malware scanning to the end hosts.

For malware and anti spyware scanning and URL filtering, you would need to use Ironport appliance or ScanSafe cloud solution.

0 Helpful

tholmes
Level 1
Level 1
In response to Jennifer Halim

‎12-13-2010 02:33 AM

Hi Jennifer,

Thanks for your response, I'll certainly look into this

Regards Tony

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card