Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ASA AnyConnect Essentials and NAC

If you have the AnyConnect Essentials license for VPN - is the ASA capable of doing any NAC such as checking for registry value or checking is firewall definitions are up to date?  Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ASA AnyConnect Essentials and NAC

With an AnyConnect Essentials license enabled, clientless WebVPN, Cisco Secure Desktop (CSD), and Advanced Endpoint Assessment functionality is disabled.  Because of this, you will not be able to do registry checks, verify anti-virus updates, etc.

2 REPLIES

Re: ASA AnyConnect Essentials and NAC

With an AnyConnect Essentials license enabled, clientless WebVPN, Cisco Secure Desktop (CSD), and Advanced Endpoint Assessment functionality is disabled.  Because of this, you will not be able to do registry checks, verify anti-virus updates, etc.

Community Member

Re: ASA AnyConnect Essentials and NAC

Unfortunately the AnyConnect Premium license, which allows for this, costs more than 100 times as much as the AnyConnect Essentials license, so it's a non-starter for us. 

I would like to pose a simple, basic question: Is there any practical, meaningful way, with an AnyConnect Essentials license, to restrict which client machines can connect?  We have no problem with certain users, it's the machines they connect from that may be a problem.  We have no problem requiring a human judgement call regarding which clients are suitable.  Any ideas?

Has anybody had any luck with using manually issued client certificates for this purpose?

1288
Views
0
Helpful
2
Replies
CreatePlease to create content