cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2428
Views
25
Helpful
8
Replies

ASA virtual unable to activate HostScan

Freemen
Level 1
Level 1

Hi all,

 

I can't find any document mentioned that asa virtual cannot turn on HostScan feature.

 

any one can advise?

Screenshot 2020-03-11 at 18.40.44.png

2 Accepted Solutions

Accepted Solutions

Divya Nair
Cisco Employee
Cisco Employee

Hi,

 

The issue that you are seeing is related to the ASAv5 not having enough memory (1.5 GB) to support the newer Hostscan images on 9.12/9.13. The only workaround today is to either downgrade the software to the latest 9.8/9.9 interim or to upgrade the ASAv to v10. This is documented in CSCvs84158, but I would recommend opening a TAC case also.

View solution in original post

Thanks @Divya Nair  and @Aditya Ganjoo - that was the problem.

I was running it as an ASAv5 (1 vCPU and 1.5 GB of RAM) so I shut down the ASAv and bumped the memory to 2 GB. Since I was already licensed for the higher throughput level, it came up as an ASAv10 and now the hostscan image add works fine.

ccielab-asa# show vm

Virtual Platform Resource Limits
--------------------------------
Number of vCPUs              :     1 
Processor Memory             :  2048 MB 

Virtual Platform Resource Status
--------------------------------
Number of vCPUs                 :     1     (Compliant)
Processor Memory                :  2048 MB  (Compliant)
Hypervisor                      :   VMware
Model Id                        :   ASAv10
ccielab-asa# sh run webvpn
webvpn
 enable inside
 enable outside
 hostscan image disk0:/hostscan_4.8.01090-k9.pkg
 anyconnect image disk0:/anyconnect-win-4.8.02045-webdeploy-k9.pkg 2
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
 error-recovery disable
ccielab-asa# 

 

View solution in original post

8 Replies 8

Marvin Rhoads
Hall of Fame
Hall of Fame

I hadn't tried it before but just checked my ASAv and got the same error.

I tried from ASDM and from cli. I checked with hostscan 4.8 and 4.7 (with associated AnyConnect image versions). I have current AnyConnect Apex licenses on my ASAv.

I couldn't find anything in the documentation saying it's not supported.

Cristian Matei
VIP Alumni
VIP Alumni

Hi,

 

   Never tried using HostScan on ASAv, at the same time i'm not aware of not being supported. Also, the error you're getting doesn't point me at all to this not being supported, but to some incompatibility and flash/disk space. Check this document and see how it goes:

 

https://www.cisco.com/c/en/us/td/docs/security/asa/migration/guide/HostscanMigration43x-46x.html

 

Regards,

Cristian Matei.

@Cristian Matei the error comes up without any existing DAP policies or LUA scripts so I don't think it's incompatibility in the context that the document you linked describes.

Also, it happens on an ASAv with lots of free disk space. Uploading other files (AnyConnect images, ASDM, etc.) works fine on the same ASAv.

I suspect it's either an undocumented incompatibility or a bug with ASAv platform.

Hi,

    

    @Marvin Rhoads Some Years ago, when my clients were still using the host scan capability as a standalone feature, i never had such issues, but yes, i never deployed it on ASAv. I see what you're saying, but i would still try to fix it, making sure there is enough space, following the guide and running a good ASA code. Still not working, i would raise a TAC case, my belief is that is supported. The main features which are not supported by ASAv, as documented, like clustering, multiple-context, active/active failover, or just Cisco restrictions, not technical reason, it's just marketing, positioning the ASAv correctly. As a matter of fact, there are "custom" build ASAv images that support those features, if you know what i mean.

 

Regards,

Cristian Matei.

Divya Nair
Cisco Employee
Cisco Employee

Hi,

 

The issue that you are seeing is related to the ASAv5 not having enough memory (1.5 GB) to support the newer Hostscan images on 9.12/9.13. The only workaround today is to either downgrade the software to the latest 9.8/9.9 interim or to upgrade the ASAv to v10. This is documented in CSCvs84158, but I would recommend opening a TAC case also.

Thanks @Divya Nair  and @Aditya Ganjoo - that was the problem.

I was running it as an ASAv5 (1 vCPU and 1.5 GB of RAM) so I shut down the ASAv and bumped the memory to 2 GB. Since I was already licensed for the higher throughput level, it came up as an ASAv10 and now the hostscan image add works fine.

ccielab-asa# show vm

Virtual Platform Resource Limits
--------------------------------
Number of vCPUs              :     1 
Processor Memory             :  2048 MB 

Virtual Platform Resource Status
--------------------------------
Number of vCPUs                 :     1     (Compliant)
Processor Memory                :  2048 MB  (Compliant)
Hypervisor                      :   VMware
Model Id                        :   ASAv10
ccielab-asa# sh run webvpn
webvpn
 enable inside
 enable outside
 hostscan image disk0:/hostscan_4.8.01090-k9.pkg
 anyconnect image disk0:/anyconnect-win-4.8.02045-webdeploy-k9.pkg 2
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
 error-recovery disable
ccielab-asa# 

 

Thanks a lot @Marvin Rhoads it work for me this method as well.