I have had success using this forum previously, so hoping someone might be able to help again!
We are deploying CSA (basically to sue as a firewall) to a number of our remote access laptops. For security reasons the default state for the CSA agent is to deny all network traffic (except DNS and DHCP traffic). The CSA agent is set to change its system state when the host receives an IP in our networks range and the MC is reachable. This system state then allows all network communication.
The problem I am finding is that it takes around 20-40 seconds for the system state to change when the conditions are met, which means that when someone logs into the laptop the network login script does not run as it is still denying network traffic at that stage. Also when the laptop goes into 'standby' or 'hibernation' mode the CSA seems to go back to the 'deny all network traffic' state and can not be changed unless you reboot the laptop.
Has anyone got any ideas on how how to get around these issues?
Occasionally, an application might appear to not function properly with the Cisco Security Agent installed. The symptoms are that the application does not launch, or the application launches and then suddenly exits. Also, there are no events in the event log and the problem is not resolved when the agent is placed into testmode.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...