This is because the CSD HostScan code signing certificate expired yesterday. Mac and Windows users are not affected as the client code only checks if the certificate was valid when the code was signed. However, the Linux code checks on the current validity of the certificate.
The behavior on Linux will be changed as soon as posisble to mirror the treatment on MAC and Windows. While we don't recommend changing the system clock as a matter of course, for the time being the only way around it is to reset the linux system clock to something before Feb 7th, 2013. Please see bug CSCue49663 for addition details. Important UPDATE: This bug is now fixed in AC 3.1.2043.
Your ASA should be configured as follows: webvpn enable outside csd hostscan image disk0:/hostscan_3.1.02043-k9.pkg csd enable anyconnect image disk0:/anyconnect-win-3.1.02040-k9.pkg 1 regex "Windows NT" anyconnect image disk0:/anyconnect-macosx-i386-3.1.02040-k9.pkg 2 regex "Mac OS" anyconnect image disk0:/anyconnect-linux-3.1.02043-k9.pkg* 3 regex "Linux"
I am having an issue with incoming rules. Here is my running config. : Saved:: Serial Number: JAD21290D2D: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores):ASA Version 9.8(1)!hostname ciscoasaenable password $sha512$500...
Question - Where is the "posture requirement policy" from the headend stored on the endpoint? How accessible is it, what security controls do we have to prevent this data from being maliciously used by an attacker if he/she gets access to the endpoint an...