I'd like to use Cisco Secure Desktop to check a registry key to decide if it's a company-client (use AnyConnect client) or not (use web-portal). I'm a bit confused if it can be solved with Host Scan entry and DAP, or if also Prelogin Policies are required.
You can use the Prelogin Policies to check for certs, IP addresses, reg settings, or a host file. Based on either having one or many of these checks, the user can be forced into sepcific settings with CSD (i.e. CSD or not with or without locking down printing, USB,.. access). The pre-login checks do not look for AV, personnel firewall,...
So, yes you can use the pre-login check to look for a registry key to determine if it's company compliant, and then use DAP to enforce only company-clients use AnyConnect and everyone else use webportal.
Pre-login checks ensure compliance, but DAP enforces it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...