ASA 5505 and CSD Host Scan

Unanswered Question
Feb 27th, 2009
User Badges:


I'd like to use Cisco Secure Desktop to check a registry key to decide if it's a company-client (use AnyConnect client) or not (use web-portal). I'm a bit confused if it can be solved with Host Scan entry and DAP, or if also Prelogin Policies are required.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
bwilmoth Thu, 03/05/2009 - 06:47
User Badges:
  • Silver, 250 points or more

As far as I know the supported prelogin checks are IP Address (Source IP range), Certificate, Registry, File and OS.

hillegas Mon, 05/04/2009 - 09:35
User Badges:

You can use the Prelogin Policies to check for certs, IP addresses, reg settings, or a host file. Based on either having one or many of these checks, the user can be forced into sepcific settings with CSD (i.e. CSD or not with or without locking down printing, USB,.. access). The pre-login checks do not look for AV, personnel firewall,...

So, yes you can use the pre-login check to look for a registry key to determine if it's company compliant, and then use DAP to enforce only company-clients use AnyConnect and everyone else use webportal.

Pre-login checks ensure compliance, but DAP enforces it.


This Discussion