03-11-2020 03:42 AM
Hi all,
I can't find any document mentioned that asa virtual cannot turn on HostScan feature.
any one can advise?
Solved! Go to Solution.
03-24-2020 06:22 AM
Hi,
The issue that you are seeing is related to the ASAv5 not having enough memory (1.5 GB) to support the newer Hostscan images on 9.12/9.13. The only workaround today is to either downgrade the software to the latest 9.8/9.9 interim or to upgrade the ASAv to v10. This is documented in CSCvs84158, but I would recommend opening a TAC case also.
03-24-2020 07:16 AM - edited 03-24-2020 07:17 AM
Thanks @Divya Nair and @Aditya Ganjoo - that was the problem.
I was running it as an ASAv5 (1 vCPU and 1.5 GB of RAM) so I shut down the ASAv and bumped the memory to 2 GB. Since I was already licensed for the higher throughput level, it came up as an ASAv10 and now the hostscan image add works fine.
ccielab-asa# show vm Virtual Platform Resource Limits -------------------------------- Number of vCPUs : 1 Processor Memory : 2048 MB Virtual Platform Resource Status -------------------------------- Number of vCPUs : 1 (Compliant) Processor Memory : 2048 MB (Compliant) Hypervisor : VMware Model Id : ASAv10 ccielab-asa# sh run webvpn webvpn enable inside enable outside hostscan image disk0:/hostscan_4.8.01090-k9.pkg anyconnect image disk0:/anyconnect-win-4.8.02045-webdeploy-k9.pkg 2 anyconnect enable tunnel-group-list enable cache disable error-recovery disable ccielab-asa#
03-11-2020 04:38 AM
I hadn't tried it before but just checked my ASAv and got the same error.
I tried from ASDM and from cli. I checked with hostscan 4.8 and 4.7 (with associated AnyConnect image versions). I have current AnyConnect Apex licenses on my ASAv.
I couldn't find anything in the documentation saying it's not supported.
03-11-2020 08:42 AM
Hi,
Never tried using HostScan on ASAv, at the same time i'm not aware of not being supported. Also, the error you're getting doesn't point me at all to this not being supported, but to some incompatibility and flash/disk space. Check this document and see how it goes:
https://www.cisco.com/c/en/us/td/docs/security/asa/migration/guide/HostscanMigration43x-46x.html
Regards,
Cristian Matei.
03-11-2020 08:47 AM
@Cristian Matei the error comes up without any existing DAP policies or LUA scripts so I don't think it's incompatibility in the context that the document you linked describes.
Also, it happens on an ASAv with lots of free disk space. Uploading other files (AnyConnect images, ASDM, etc.) works fine on the same ASAv.
I suspect it's either an undocumented incompatibility or a bug with ASAv platform.
03-11-2020 11:04 AM
Hi,
@Marvin Rhoads Some Years ago, when my clients were still using the host scan capability as a standalone feature, i never had such issues, but yes, i never deployed it on ASAv. I see what you're saying, but i would still try to fix it, making sure there is enough space, following the guide and running a good ASA code. Still not working, i would raise a TAC case, my belief is that is supported. The main features which are not supported by ASAv, as documented, like clustering, multiple-context, active/active failover, or just Cisco restrictions, not technical reason, it's just marketing, positioning the ASAv correctly. As a matter of fact, there are "custom" build ASAv images that support those features, if you know what i mean.
Regards,
Cristian Matei.
03-24-2020 06:20 AM
03-24-2020 06:22 AM
Hi,
The issue that you are seeing is related to the ASAv5 not having enough memory (1.5 GB) to support the newer Hostscan images on 9.12/9.13. The only workaround today is to either downgrade the software to the latest 9.8/9.9 interim or to upgrade the ASAv to v10. This is documented in CSCvs84158, but I would recommend opening a TAC case also.
03-24-2020 07:16 AM - edited 03-24-2020 07:17 AM
Thanks @Divya Nair and @Aditya Ganjoo - that was the problem.
I was running it as an ASAv5 (1 vCPU and 1.5 GB of RAM) so I shut down the ASAv and bumped the memory to 2 GB. Since I was already licensed for the higher throughput level, it came up as an ASAv10 and now the hostscan image add works fine.
ccielab-asa# show vm Virtual Platform Resource Limits -------------------------------- Number of vCPUs : 1 Processor Memory : 2048 MB Virtual Platform Resource Status -------------------------------- Number of vCPUs : 1 (Compliant) Processor Memory : 2048 MB (Compliant) Hypervisor : VMware Model Id : ASAv10 ccielab-asa# sh run webvpn webvpn enable inside enable outside hostscan image disk0:/hostscan_4.8.01090-k9.pkg anyconnect image disk0:/anyconnect-win-4.8.02045-webdeploy-k9.pkg 2 anyconnect enable tunnel-group-list enable cache disable error-recovery disable ccielab-asa#
03-26-2020 11:34 PM
Thanks a lot @Marvin Rhoads it work for me this method as well.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide