How to configure AnyConnect Host Scan

Document

Oct 17, 2011 10:55 PM
Oct 17th, 2011

Introduction

The AnyConnect Posture Module provides the AnyConnect Secure Mobility  Client the ability to identify the operating system, anti-virus,  anti-spyware, and firewall software installed on the host. The Host Scan  application gathers this information.

Using the secure desktop manager tool in the Adaptive Security Device  Manager (ASDM), you can create a prelogin policy which evaluates the  operating system, anti-virus, anti-spyware, and firewall software Host  Scan identifies. Based on the result of the prelogin policy's  evaluation, you can control which hosts are allowed to create a remote  access connection to the security appliance.

The Host Scan support chart contains the product name and version  information for the anti-virus, anti-spyware, and firewall applications  you use in your prelogin policies. We deliver Host Scan and the Host  Scan support chart, as well as other components, in the Host Scan  package.

Starting with AnyConnect Secure Mobility Client, release 3.0, Host Scan  is available separately from CSD. This means you can deploy Host Scan  functionality without having to install CSD and you will be able to  update your Host Scan support charts by upgrading the latest Host Scan  package.

Posture assessment and the AnyConnect telemetry module require Host Scan to be installed on the host.

Host Scan Packaging

You can load the Host Scan package on to the ASA in one of these ways:

  • You can upload it as a standalone package: hostscan-version.pkg
  • You can upload it by uploading an AnyConnect Secure Mobility package: anyconnect-NGC-win-version-k9.pkg
  • You can upload it by uploading a Cisco Secure Desktop package: csd_version-k9.pkg

Installing or Upgrading Host Scan

Enter webvpn configuration mode.

ASAName(config)# webvpn

Specify the path to the package you want to designate as the Host Scan image. You can specify a standalone Host Scan package or an AnyConnect Secure Mobility Client package as the Host Scan package.

ASAName(webvpn)#csd hostscan image disk0:/hostscan-3.6.0-k9.pkg

Enables the Host Scan image you designated in the previous step.

ASAName(webvpn)#csd enable

Saves the running configuration to flash.

ASAName(webvpn)# write memory

Viewing the Host Scan Version Enabled on the ASA

Log on to the ASA and enter privileged exec mode. In privileged exec mode, the ASA displays this prompt: hostname#

ASAName# show webvpn csd hostscan

Related link:

Assigning AnyConnect Feature Modules to Group Policies

CSD host scan products for anti-syware, anti-virus, firewall

Cisco Secure Desktop (CSD) FAQ

Average Rating: 5 (1 ratings)

Actions

Login or Register to take actions

This Document

Posted October 17, 2011 at 10:55 PM
Stats:
Comments:0 Avg. Rating:5
Views:3523 Contributors:0
Shares:0
Categories: AnyConnect, ASA
+

Related Content

Documents Leaderboard

Rank Username Points
1 65
2 56
3 55
4 30
5 24
Rank Username Points
5