Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have an ASA running 8.0.4(28) providing SSL VPN access to AnyConnect clients running version 2.3.0254. When connecting, authentication works great using RSA tokens. After authentication, the Clean Access Agent (CAA) is invoked by the NAC Clean Ac...
When using SSL VPN with NAC, we have NAC configured to assess and remediate AV signatures and OS updates with Windows SUS. The issue we have is the lenght of time it takes (never less than 90 seconds) for SUS to complete the assessment of the remote...
How can I use TCPdump with the CAS? When specifying a physical interface while using TCPdump, it only picks up broadcast traffic. For example tcpdump -vv -nn -i eth1. Is there special options to look at all traffic through the CAS in my L3 deploym...
I would like to configure my ASA 5520 to support 3 scenarios in the same box:- Untrusted (kiosk mode) where the remote host is forced to use CSD- Trusted host identified by regedit and can select either SSL VPN or WebVPN (portal only, no CSD) by drop...
I have a presentation server farm sitting behind a Cisco ASA. The ASA acts as the Citrix Access Gateway in this design and provides a WebVPN connection with Secure Desktop to the remote client via SSL. The Cisco ASA is configured with a certficate fr...
You can use the Prelogin Policies to check for certs, IP addresses, reg settings, or a host file. Based on either having one or many of these checks, the user can be forced into sepcific settings with CSD (i.e. CSD or not with or without locking dow...
Some additional info:The 831 to 2651 works fine when both are connected directly to the Internet. When connected directly to the Internet, the payload traffic is passed and is fragmented and re-assembled over ESP. However, when the 831 is connected...
After doing some research, that is what my thought was, but was hoping someone would provide an alternative. Thanks for the response and verification.th