ā11-18-2014 04:22 AM - edited ā02-21-2020 07:56 PM
Hi All,
I am trying to assign DAP attribute to VPN users (Anyconnect 3.0 +) who fulfill some registry condition. While configuring DAP policy , while selecting registry condition it is giving error as "cisco secure desktop (CSD) is not enabled , CSD must be enabled to configure registry endpoint attribute" . But as I percevied from link , to check registry attribute "host scan" which is integrated in anyconnect 3.0 module will be responsible . So why it is asking me to enable CSD ? Is CSD really needed to check registry attribute even if we are using anyconenct 3.0 + ? Any pointer
Solved! Go to Solution.
ā11-19-2014 06:41 PM
The ASA end needs to be enabled in addition to the AnyConnect-based bits.
Note elsewhere in the link you cited it says "Host Scan automatically identifies operating systems and service packs on any remote device establishing a Cisco clientless SSL VPN or AnyConnect client session and when CSD or Host Scan/CSD is enabled on the ASA." (emphasis added).
FYI Cisco is deprecating these features over time in favor of Posture scanning on ISE in conjunction with the new AnyConnect 4.0 posture module.
ā11-19-2014 06:41 PM
The ASA end needs to be enabled in addition to the AnyConnect-based bits.
Note elsewhere in the link you cited it says "Host Scan automatically identifies operating systems and service packs on any remote device establishing a Cisco clientless SSL VPN or AnyConnect client session and when CSD or Host Scan/CSD is enabled on the ASA." (emphasis added).
FYI Cisco is deprecating these features over time in favor of Posture scanning on ISE in conjunction with the new AnyConnect 4.0 posture module.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: