Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5505 and CSD Host Scan


I'd like to use Cisco Secure Desktop to check a registry key to decide if it's a company-client (use AnyConnect client) or not (use web-portal). I'm a bit confused if it can be solved with Host Scan entry and DAP, or if also Prelogin Policies are required.


Re: ASA 5505 and CSD Host Scan

As far as I know the supported prelogin checks are IP Address (Source IP range), Certificate, Registry, File and OS.

New Member

Re: ASA 5505 and CSD Host Scan

You can use the Prelogin Policies to check for certs, IP addresses, reg settings, or a host file. Based on either having one or many of these checks, the user can be forced into sepcific settings with CSD (i.e. CSD or not with or without locking down printing, USB,.. access). The pre-login checks do not look for AV, personnel firewall,...

So, yes you can use the pre-login check to look for a registry key to determine if it's company compliant, and then use DAP to enforce only company-clients use AnyConnect and everyone else use webportal.

Pre-login checks ensure compliance, but DAP enforces it.