VPN Posture assessment for anyconnect clients

carl_townshend · ‎12-14-2016

Hi All

Can anyone tell me what I need to do posture checks on my vpn clients using the anyconnect vpn client.

Do I need any special software or licences to do it?

I have read about the posture module, host scan and CSD.

Can anyone please enlighten me?

cheers

Carl

nspasov · ‎12-14-2016

Hello Carl-

You have two options/places where you can do posture assessment for VPN users/machines: Locally on the ASA or Through Cisco ISE

Locally on the ASA:

- Licenses: You will need to have AnyConnect Premium (AnyConnect v3.x) or AnyConnect Apex (AnyConnect v4.x)

- Configuration:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/200238-ASA-VPN-posture-with-CSD-DAP-and-AnyCon.html

Through Cisco ISE:

- Licenses: You will need both AnyConnect Apex and ISE Apex Licenses (If using AnyConnect 4.x) and ISE Apex Licenses only (if you are using AnyConnect 3.x)

- Configuration:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/118714-configure-ise-00.html

- Version: At the minimum you need to be running 9.2.1 or later version of the ASA code

I hope this helps!

Thank you for rating helpful posts!

carl_townshend · ‎12-15-2016

Hi

So, If we use normal anyconnect clients, do we still have to configure it under the CSD menu on the ASA ?

nspasov · ‎12-15-2016

Can you please elaborate on your last question?

Thank you for rating helpful posts!