We use DAP and endpoint assessment with AnyConnect to check for anti-virus software on our clients. We are using ASA 5540 with ver. 8.2.3 and AnyConnect 2.5.2001 with Secure Desktop 3.5.
The AnyConnect has been configured (in the xml profile) to ignore proxy settings and just connect - this works fine.
But we enabled the DAP policy to use endpoint assessment last week, and the hostscan.exe that runs on the client during posture assessment doesn't allow access when a proxy server (which of course is unreachable since you aren't connected with VPN yet) is defined. Removing the proxy settings let's you right through.
The error is: Posture Assessment failed. As if it didn't find the anti-virus software or something, but obviously that's not the case. Right before the error it says that Hostscan is looking for updates, and it must be that process that fails.
Anyone experiencing this as well?
This probably is a similar scenario as in this bug CSCsv68395 (http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsv68395), wherein the CSD ignores proxy settings and tried to contact the ASA directly, but still not sure why the posture assessment should fail. Let me look at this more and get back to you.
Thanks for your reply.
I can see in the release notes however, that the bug you refer to was fixed in 3.5.841 of CSD. And we are running 3.5.1077