SEC0128 - SSL VPN AnyConnect Hostscan and Endpoint Assessment (Part 2)
Category:
Security
The video takes you through the Cisco ASA AnyConnect VPN's ability to gather VPN client information using Host Scan and the basic Endpoint Assessment features. We deploy a Host Scan agent as part of the AnyConnect Posture module, then create a pre-login policy built from device registry and OS checks to categorize the endpoint and allow or deny VPN access accordingly. The video finishes by enabling the Host Scan extension in preparation for the next lab video.
Part 2 of this video covers pre-login policy testing and enabling the Host Scan extension.
Topic:
- Host Scan and AnyConnect Posture Module
- VPN Pre-Login Policy
- Certificate Check
- Registry Check
- OS Check
- Host Scan Extension
2 comments
AnyConnect endpoint detection
Hello,
Thank you for the videos, they are very helpful. I am trying to find a way to detect/gather information about end users' computer names, public IP, and SSL VPN duration. Basically pretty much everything in "sh vpn-sessiondb detail anyconnect", plus computer name and whether it is a domain or personal computer (without restricting anything at the beginning), so I can start to build new access-lists and policies.
We currently use an ASA5540 in failover mode. We authenticate our end users with a SecureAuth certificate. The main goal is to restrict non-domain computers, but we want to identify them first. We have a Syslog server, and I am trying to pull this information to the SolarWinds Orion server via SNMP traps.
Do you know if there is a way to do that?
Thank you
Regards
-Erdo
AnyConnect endpoint detection
DAP should give you a lot of information. For the domain computer check, we don't believe there is a quick way to do that other than some kind of certificate or registry value check.