Cisco AnyConnect Secure Mobility Client v2.x Technical Manual
● Cisco Adaptive Security Appliance, Version 9.3 or later
● Cisco Identity Services Engine (ISE) Software, Versions 1.3 and Later
● Cisco AnyConnect Secure Mobility Client, Version 4.0 and Later
● Cisco Secure Desktop, Version 3.6 or Later
Topology and flow
Corporate policy is the following:
● Remote VPN users who have the file c:\test.txt (compliant) should have full network access to inside company resources.
● Remote VPN users who do not have the file c:\test.txt (non-compliant) should have limited network access to inside company resources: only access to the remediation server 1.1.1.1 should be provided.
● File existence is the simplest example. Any other condition (antivirus, antispyware, process, application, registry) could be used.
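The "limited network access" for non-compliant users is enforced on the ASA by a network ACL attached to the matching DAP record. The following ASA CLI fragment is an added example, not configuration from the original document: the ACL name DAP_NONCOMPLIANT is an assumption, the remediation server address 1.1.1.1 is the one the policy above names, and attaching the ACL to the DAP record (the page calls it FileNotExists) is done in ASDM under the DAP's Network ACL Filters, which this fragment does not show.

```cisco
! Added example (not from the original document).
! ACL for posture-failed (non-compliant) sessions: remediation server only.
! Name DAP_NONCOMPLIANT is assumed; 1.1.1.1 is the remediation server from the policy.
access-list DAP_NONCOMPLIANT remark Non-compliant posture: reach remediation server only
access-list DAP_NONCOMPLIANT extended permit ip any host 1.1.1.1
! No explicit deny: the ASA applies an implicit deny at the end of the ACL,
! so everything other than 1.1.1.1 is dropped for sessions matching this DAP.
!
! Verification: hit counts confirm non-compliant traffic is actually matching
! the ACL after a test client without c:\test.txt connects.
show access-list DAP_NONCOMPLIANT
! Session view: the DAP record applied to each AnyConnect session is listed
! in the session details.
show vpn-sessiondb detail anyconnect
```

Keeping the ACL permit-only does two things: it relies on the implicit deny rather than duplicating it, and it keeps the ACL uniform (all permit entries), which is what the DAP network ACL filter expects. Compliant users need no ACL on their DAP record at all if the default DAP already grants full access; the point of the non-compliant ACL is that it is applied only when the posture check fails, so a client that simply skips posture does not end up with broader access than a client that fails it.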
The flow is the following:
● Remote users do not have AnyConnect installed. They access the ASA web page for CSD and AnyConnect provisioning (along with the VPN profile).
● Once connected via AnyConnect, a non-compliant user is allowed limited network access. The Dynamic Access Policy (DAP) called FileNotExists is matched.
● The user performs remediation (manually installs the file c:\test.txt) and connects again using