cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1655
Views
5
Helpful
3
Replies

Anyconnect Hostscan on Linux Fails (iptables firewall)

epotash
Level 1
Level 1

Hello,

I am unable to use anyconnect under linux due to a failure in the hostscan module to detect the firewall. This was working as recently as January. The cscan.log file now shows:

[Thu Jun 15 14:36:40.779 2017][cscan]Function: log_cb_hostscan Thread Id: 0x35FD5740 File: scan.c Line: 53 Level: debug :: found firewall ==> (IPTablesFW) (IPTables (Linux)) (1.6.0) (failed).

whereas it used to show:

[Mon Nov 07 12:23:37.217 2016][cscan][debug][log_cb_hostscan] found firewall ==> (IPTablesFW) (IPTables (Linux)) (1.6.0).

What is hostscan looking for in iptables? Is there a particular set of rules that are necessary?

Thanks!

1 Accepted Solution

Accepted Solutions

pcarco
Cisco Employee
Cisco Employee

In DAP the only options for checking Linux IPTables  are shown below in the screenshot.

Has there been any upgrades recently ?  Is the FW disabled ?

Best regards,

Paul

AC TME

View solution in original post

3 Replies 3

pcarco
Cisco Employee
Cisco Employee

In DAP the only options for checking Linux IPTables  are shown below in the screenshot.

Has there been any upgrades recently ?  Is the FW disabled ?

Best regards,

Paul

AC TME

phydroxide
Level 1
Level 1

This thread still doesn't address what the builtin endpoint.fw attributes are looking for. An upgrade to Mint 20 has broken this for me Cisco AnyConnect Secure Mobility Client (version 4.7.04056).

In a large organization I need some clues as to a workaround because the head ends will take a while to fix not to mention get anybody's attention to actually do it, and I need to get back to getting work done. 

phush
Level 1
Level 1

It would be great if Cisco actually answered the original question. I suspect the IPtables check is failing because of a change to the iptables package no longer using the xt_time module

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: