Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello,We currently have a Legacy SCEP deployment using ASAs and Windows Server 2008 R2 PKI environment for AnyConnect client certificate enrollment. I'd like to switch from Legacy SCEP to SCEP Proxy, but it isn't clear that SCEP Proxy supports the "...
Is it possible to run multiple copies of ASDM on the Mac so that I can be connected to multiple ASAs via ASDM at the same time? I can do this on a PC with no problem, but I can't seem to figure out how to do this on the Mac.Thanks,Jim
We currently use a cut-through proxy-like feature on Juniper SSG firewalls for our guest wireless network that allows a seven day (168 hour) timeoout, which matches the DHCP lease time. This extended time is not a problem with the SSG since it maint...
Is there an easy way to get a packet level debug for an AnyConnect client? Wireshark on the client doesn't seem to recognize the AnyConnect virtual adapter, and I can't find anything in the AnyConnect documentation. I can span the inside ASA interf...
Hi,I'm attempting to write a LUA script to help fill in the blanks when Host Scan can't properly detect an AV or FW package. This seems to happen with newer packages because of the delay getting the updated OPSWAT DLLs integrated with CSD.Below is a...
Hi Mike,I wish that were the case. When I try to set uauth timeout to 168 hours, I get an error because my xlate timeout is set much lower. It appears to me that the uauth timout is directly linked to the xlate timeout. I'm looking for a way to ha...
Hi Frederico,Thanks for the reply. From my testing 'debug webvpn svc 255' doesn't provide any raw client packet data except for the session initiation. I'm looking for either of the following:1) A snapshot of every packet through the L4 header that...
Hi Tony,Just a thought... You might verify that case sensitivity isn't causing a problem with Smart Tunnel process matching. When I checked my PC with Office 2007, the process name is EXCEL.EXE rather than excel.exe. Good luck,Jim
That's a great walkthrough, but I find the WebVPN interface looks cleaner to those with less privileges if you create separate bookmark lists to go along with the separate policies. So there would be an "Everyone" bookmark list, and a "Payroll" book...
So I had some syntax and logic errors to work through. I have two different methods that appear to work.To make this work, when a client fw is not detected properly by OPSWAT, an admin verifies the problem, then adds an appropriate Host Scan process...
