03-06-2019 08:50 AM - edited 02-21-2020 09:35 PM
Hello,
I would like to configure basic hostscan to prevent from connecting VPN if some file doesnt exist on the endpoint or some proccess is not running on the endpoint.
I made some hostscan rules but it doesn't work - VPN connects every time.
Do I have to make some connection between my VPN configuration and hostscan configuration?
Hostscan documentation doesn't tell how to configure it.
03-07-2019 02:55 AM
Under your webvpn section you need to have "csd enable" to associate your hostscan setup with the SSL VPN.
https://community.cisco.com/t5/security-documents/how-to-configure-anyconnect-host-scan/ta-p/3118732
03-07-2019 05:30 AM
03-08-2019 12:41 AM
OK, so do you have the newer "hostscan enable" under your webvpn section?
If you do and it is not working, you can use _debug dap trace " (at ASA end) and DART package (at client side) to gather more details. TAC can assist for specific questions if you want to open a case and share those outputs with them.
03-07-2019 05:33 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide