ASA AnyConnect Essentials and NAC

mmedwid
Level 3

If you have the AnyConnect Essentials license for VPN - is the ASA capable of doing any NAC such as checking for a registry value or checking if firewall definitions are up to date? Thanks.

Accepted Solutions

Todd Pula
Level 7

With an AnyConnect Essentials license enabled, clientless WebVPN, Cisco Secure Desktop (CSD), and Advanced Endpoint Assessment functionality is disabled.  Because of this, you will not be able to do registry checks, verify anti-virus updates, etc.

2 Replies

Unfortunately the AnyConnect Premium license, which allows for this, costs more than 100 times as much as the AnyConnect Essentials license, so it's a non-starter for us. 

I would like to pose a simple, basic question: Is there any practical, meaningful way, with an AnyConnect Essentials license, to restrict which client machines can connect?  We have no problem with certain users, it's the machines they connect from that may be a problem.  We have no problem requiring a human judgement call regarding which clients are suitable.  Any ideas?

Has anybody had any luck with using manually issued client certificates for this purpose?
