12-05-2017 06:04 AM - edited 03-12-2019 04:47 AM
Hi,
I'm currently configuring AnyConnect on an ASA with hostscan and dynamic access policies. If the client already has AnyConnect installed it works great, posturing completes and the DAPs are assessed successfully.
My issue is for a new client without AnyConnect installed. If they connect to the ASA interface with webvpn enabled via a browser it attempts to run CSD and ActiveX/Java which is giving mixed results.
On a Mac running 10.3.1 and Java 8 with Safari the CSD process loops through the Java step indefinitely with the Java console outputting this:
Tue Dec 05 13:12:58 GMT 2017 Failed to download cstub
Chrome fails entirely but allows me to skip to the login page; however, the user cannot log on, as the fallback is to the default DAP, which terminates the connection.
On Windows 10 devices it works in some instances; however, the process is finicky: end users have to add sites to trusted sites, tweak Java settings, etc.
I'm not interested in using a clientless VPN; I just want the users to connect to the ASA's webvpn-enabled interface, bypass the CSD process and be offered the AnyConnect client as a download to install manually, as it does without hostscan/CSD enabled.
Is this achievable?
Version details:
ASA 9.6(3)3
AnyConnect 4.5.02036
HostScan 4.3.05043
12-05-2017 06:20 AM
12-05-2017 08:59 AM
Thank you, here's what I did based on your suggestion.
I created an additional DAP at a lower priority to check for group membership from AD, and I linked a network ACL which denied all traffic to that DAP.
Created another tunnel-group/profile with a group URL of https://fqdn/setup with CSD disabled. Linked a group policy pushing a profile to this group.
On first connection the user goes to https://fqdn/setup, gets the client and connects; upon connection a banner prompts the user to disconnect then reconnect using the AnyConnect client.
Thanks for your guidance.
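A sketch of what the setup described in the post above could look like in ASA CLI, added here as an illustration and not taken from the poster's configuration. All object names (SETUP-TG, SETUP-GP, SETUP-PROFILE, DAP-AD-SETUP, DAP-DENY-ALL), the profile file path, the priority value and the banner wording are placeholders; `fqdn` is left as written in the post.

```text
! Added example: every name below is a placeholder, not the poster's config.
!
! Deny-all network ACL to attach to the additional DAP.
access-list DAP-DENY-ALL extended deny ip any any
!
! Additional DAP record. The AD group-membership selection criteria are
! stored in dap.xml and are normally defined through ASDM, not the CLI.
! The priority value is constructed; set it relative to your other DAPs.
dynamic-access-policy-record DAP-AD-SETUP
 network-acl DAP-DENY-ALL
 priority 5
!
! Register the AnyConnect client profile that the setup group pushes.
webvpn
 anyconnect profiles SETUP-PROFILE disk0:/setup-profile.xml
!
! Group policy for the setup connection: pushes the profile and shows
! a banner telling the user to reconnect with the installed client.
group-policy SETUP-GP internal
group-policy SETUP-GP attributes
 banner value Disconnect, then reconnect using the AnyConnect client.
 webvpn
  anyconnect profiles value SETUP-PROFILE type user
!
! Separate tunnel-group reached via the /setup group URL, with CSD
! (HostScan) skipped for connections that select this group.
tunnel-group SETUP-TG type remote-access
tunnel-group SETUP-TG general-attributes
 default-group-policy SETUP-GP
tunnel-group SETUP-TG webvpn-attributes
 group-url https://fqdn/setup enable
 without-csd
```

Because connections through this group URL are not postured, test with a login on the setup URL that the session is restricted by the deny-all ACL and cannot reach internal hosts.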