
Host Scan on ASA-Anyconnect

J_Vansen_S
Level 3

ASA 8.4

Anyconnect 3.0

My objective is to get the host scanned for anti-virus, but I failed to get it to work.
I am using a test lab without an external AAA server. All credentials are stored locally. Is a radius server needed for this to work?


I have tried to disable the laptop's Microsoft Security Essentials, but it still managed to pass the post check and logs me into the VPN.

  • Endpoint Assessment ver3.4.17.1 enabled
  • DAP: for the AAA attribute I have used the VPN connection profile, and for the endpoint attributes I have selected Microsoft Security Essentials.

I would greatly appreciate it if someone could provide me a pointer to correctly configure the DAP.

My understanding of the DAP is limited.

Thanks

1 Reply

Tommy Alexander
Cisco Employee

Hi,

Hostscan does not require radius.

Based on your DAP configuration, it looks like the default DAP policy action is set to continue.

If you have a specific DAP policy (a new one you created) set to continue, then the default should be set to terminate, such that when it does not match that record, it will match against the default and it will be set to terminate.

You can verify which DAP record it's matching by running the following debug:

debug dap trace

debug dap error

This will show you what hostscan results are retrieved from the machine scan and what DAP record is matched.

Please check the following article for more details:

https://supportforums.cisco.com/docs/DOC-1369#Configuring_Dynamic_Access_Policies
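
The fallback behaviour described in the reply above, as an added example that is not part of the original thread and is not Cisco code. It is a simplified model: the record name `AV_Required`, the attribute key `av.mse.exists` and the Host Scan results are constructed for illustration, and the rule that a terminate in any selected record wins is an assumption of the model.

```python
# Simplified model of DAP record selection; not ASA code.
# Record name AV_Required and the attribute key are constructed.

DEFAULT_RECORD = "DfltAccessPolicy"  # the ASA's default DAP record

def select_records(records, endpoint):
    """Names of non-default records whose every criterion matches the scan."""
    return [
        name for name, rec in records.items()
        if name != DEFAULT_RECORD
        and all(endpoint.get(k) == v for k, v in rec["match"].items())
    ]

def evaluate(records, endpoint):
    """Return (selected_records, action) for one connection attempt."""
    selected = select_records(records, endpoint)
    if not selected:
        # Nothing matched: the default record alone decides the outcome.
        return [DEFAULT_RECORD], records[DEFAULT_RECORD]["action"]
    # Model assumption: a terminate in any selected record wins.
    actions = {records[name]["action"] for name in selected}
    return selected, "terminate" if "terminate" in actions else "continue"

def policy(default_action):
    """One AV-checking record set to continue, plus the default record."""
    return {
        "AV_Required": {"match": {"av.mse.exists": True}, "action": "continue"},
        DEFAULT_RECORD: {"match": {}, "action": default_action},
    }

# Constructed Host Scan results: one laptop with the AV, one without.
WITH_AV = {"av.mse.exists": True}
WITHOUT_AV = {"av.mse.exists": False}

if __name__ == "__main__":
    for default_action in ("continue", "terminate"):
        for label, endpoint in (("AV present", WITH_AV), ("AV missing", WITHOUT_AV)):
            selected, action = evaluate(policy(default_action), endpoint)
            print(f"default={default_action:<9} {label:<10} -> {selected} {action}")
```

With the default record set to continue, the laptop without the AV is still admitted through the default record; only with the default set to terminate does the AV check gate access.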