cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5578
Views
0
Helpful
9
Replies

Secure Desktop replacement

Hello Community!

I was trying to apply some conection policies for AnyConnect and it says that I need to install Secure Desktop, but it seems that is not longer a possiblity for what I found here: http://www.cisco.com/c/en/us/support/security/secure-desktop/tsd-products-support-series-home.html

Is there any new solution, workaround or steps I need to follow?

Thanks.

Rolando Valenzuela.

1 Accepted Solution

Accepted Solutions

Dinesh Moudgil
Cisco Employee
Cisco Employee

Hi Rolando,

Can you please explain what are you trying to accomplish. CSD is obsolete now and HostScan feature is used nowadays and provides relatively more features for restricting the users connection for VPN.

Here are few good reads for configuring HostScan:-
https://supportforums.cisco.com/document/74681/how-configure-anyconnect-host-scan

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/vpn_hostscan.pdf

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

View solution in original post

9 Replies 9

Dinesh Moudgil
Cisco Employee
Cisco Employee

Hi Rolando,

Can you please explain what are you trying to accomplish. CSD is obsolete now and HostScan feature is used nowadays and provides relatively more features for restricting the users connection for VPN.

Here are few good reads for configuring HostScan:-
https://supportforums.cisco.com/document/74681/how-configure-anyconnect-host-scan

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/vpn_hostscan.pdf

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Hi Dinesh!

I know is obsolete, I needed to know the name of its replacement (HostScan I beleive) :D

I want to make sure that the PC is part of the domain ABC, has software XYZ and software QWE.

Thanks for the tip Dinesh.

Rolando Valenzuela.

Rolando,

In such a case, you can use HostScan (Endpoint Assessment) along with DAP policies to confirm the OS version, AV version , registry keys and certain applications on the workstation with VPN client.

Using Advanced Endpoint Assessment, you can have the user upgrade its AV version so that it in compliance with the policy that is created on the headend.

You might want to check this document for your reference.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Awesome!

Thanks again.

Rolando Valenzuela.

Dinesh Moudgil, just one last question, where can I download it?? all the documentation sends me to this site, but there is nothing there. A few places says that I can uses a version of AnyConnect-win-version-k9.pkg, but the one I have installed doesn't include that module.

Any suggestion?

Hi Rolando,

If you browse to Anyconnect download page at https://goo.gl/CfVjs4 .
you can download
"Full installation package - Windows / Head-end deployment (PKG) 
anyconnect-win-3.1.11004-k9.pkg

This package includes the hostscan image as well. You can download it seperately as well or just download the above said package and it will include all the other modules as well.

For checking the contents of the package, once downloaded , you can extract the files from the above package (with the help of WinRar or any other utility software) .

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Dinesh,

   How do we define the registry entry if we can not define the location of the registry entry on hostscan (see Attached)? The option is located under the Secure Desktop Manager Tree. I'm about to un-install the pre-login config as a part of removing CSD. My concern is DAP will not be able to accomplish the same registry lookups if hostscan no longer knows where to look for them? Please advise.

Check the attached file, maybe it can help you, you need to do this configuration AFTER installing HostScan (in my case is hostscan_3.1.10010-k9.pkg)

The path is under

Configuration  > Remote Access VPN > Secure Desktop Mangager > Host Scan

Hope this helps

Rolando Valenzuela.

Rolando,

    Thanks for the info, however I might have mis-understood what will actually occur when CSD is not used. From what I have found out is even though CSD is disabled the host scan option that falls under CSD will still be a configurable option. Which is actually what you were posting about. I have several entries already in the host scan endpoint options. I was nervous we would lose that feature. Again Sorry for the confusion and thanks for the quick response.

V/R

Paul Doyle