Host Scan File Size

1970IT · ‎11-01-2017

Cisco AnyConnect Client installed on Windows Clients connecting to Cisco ASA works fine 99% of the time but from time to time we have clients who can not connect. The error message is that "hostscan results exceeded configured limit"

We have been increasing the limt in 100kb increments but the issue continues to come up. What can cause the file size to increase? Is there a way to see the file and see what is included in it?

Any help would be appreciated

Thanks

Rahul Govindan · ‎11-01-2017

On major contributor to Hostscan File size that I have seen is the number of personal certificates. Some applications install certificates on user machines-I have seen a scenario where there were 200 certs on one machine. Each cert has multiple fields, so all this together adds to the size of the hostscan file. A quick way to search is to enable Hostscan at debug level (under CSD section of ASDM) and run the Anyconnect DART. I believe there is a log file under Posture called cscan.log that gives you what the Hostscan scanned on your machine. That would be a good place to start.

1970IT · ‎11-01-2017

Hi Raul,

Thanks for getting back to me. I had looked at certificates but we only have two applications that install a certificate, I tried removing them as a test and it made no difference, also had one laptop that was able to connect and another that's file size was too large and they both had the same certificates. so I don't think that is the issue in our case.

I will have a look at changing the debug level see if that gives any other clues, thanks.

Any other known things that make the file size increase?

Host Scan File Size

[CES] AsnycOS 14.3でのContent ScannerのMaximum File Size Scan Limitについて

Introducing Realtime DLP Download Scanning

cisco C2960L-24PQ download big file will lost packet

Secure the Private Access with File Inspection and File Type controls

IOS XR: BLB の host LC reload 時に BGP 等の BFD client が flap する