Solved: CSD, DAP, Host Scans, etc.

richardblair · ‎08-06-2013

I have a Cisco ASA 5515, running 9.0(2) and device manager version 7.1(2). What I am trying to accomplish is to examine SSL/AnyConnect client requests, check to see if they are from a company PC and allow them access if the are. If they are not, I would like to check for AV/Spyware/Firewall and start them/update them if the need it, or deny access if they are missing, will not start or will not update. It seems to me that I need to implement a combination of features to accomplish this. The problem I am having is understanding which pieces of which I actually need. My ASA is licensed for AnyConnect Premium and Advanced Endpoint Assessment, so I think I have everything I need except the brain power to untangle this.

Any help, such as good examples to follow would be much appreciated!

Marvin Rhoads · ‎08-06-2013

Yes, the AnyConnect Premium plus AEA license using CSD should cover what you need.

Have you had a look at this whitepaper on configuring Dynamic Access Policies? I believe it covers everything you're wanting to do and then some.

View solution in original post

Marvin Rhoads · ‎08-06-2013

Yes, the AnyConnect Premium plus AEA license using CSD should cover what you need.

Have you had a look at this whitepaper on configuring Dynamic Access Policies? I believe it covers everything you're wanting to do and then some.

richardblair · ‎08-07-2013

Marvin, this is excellent! Not sure why I was never able to find it before, but thanks!

Marvin Rhoads · ‎08-07-2013

You're welcome. Glad it helped.

Thanks for the rating - that one broke me into the VPN Leaderboard.

CSD, DAP, Host Scans, etc.

host scan image

CSD host scan products for anti-syware, anti-virus, firewall

Introducing Realtime DLP Download Scanning

Firepower System: SNMP監視時のOID例 (CPU, Memory, etc)

Hostscan の Dynamic access policies (DAP) を用いた Anyconnect 認証の設定例と動作確認