05-04-2011 03:41 PM
I'm testing the CSD pre-login policy checking while I'm using the clientless VPN. I found that if the java is not detected then I'll the this information, "Weblaunch for Cisco Secure Desktop was unsuccessful. If you wish to manually start the Cisco Secure Desktop, you may download a native Cisco Secure Desktop launcher."
But below it, I also see "or Login using the link below (some resources may be unavailable):
Login"
It means that I can bypass the CSD pre-login policy checking if the JAVA is not installed.
Is this right? or do I miss anything?
Solved! Go to Solution.
05-11-2011 07:21 AM
You can use Dynamic Access Policies (DAP) to make additional checks. These checks use CSD and if CSD is not running (or bypassed) the DfltAccessPolicy is applied. You can set it to terminate the connection and show a message to the user. Before the DfltAccessPolicy you have to have a permissive policy where you check something which is always true (e.g. the all kind of OSes) and set the action to continue.
If you have not only clientless connections additional tunning may be required.
Update:
A good docs about the CSD existence check:
05-11-2011 07:21 AM
You can use Dynamic Access Policies (DAP) to make additional checks. These checks use CSD and if CSD is not running (or bypassed) the DfltAccessPolicy is applied. You can set it to terminate the connection and show a message to the user. Before the DfltAccessPolicy you have to have a permissive policy where you check something which is always true (e.g. the all kind of OSes) and set the action to continue.
If you have not only clientless connections additional tunning may be required.
Update:
A good docs about the CSD existence check:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide