Solved

Cisco ASA - Enable Cisco Secure Desktop or Cache Cleaner Per Profile, Not Globally

Posted on 2010-11-09
5
1,151 Views
Last Modified: 2012-05-10
I'm running a Cisco ASA 5520 8.2(1) for secure VPN access.  We use both AnyConnect and WebVPN.  I am trying to enable either Cisco Secure Desktop or Cache Cleaner for a certain AnyConnect profile, while not applying it to the other profiles.  Is this possible?  Seems to me like it's just a checkbox on or off, and I can't find anything in the group policies to enable or disable for a given policy.  I'm using the ASDM for this (easier for me on things like this than CLI) so if this is possible please describe how to get to it in the ASDM.

Thanks
0
Comment
Question by:hachemp
  • 3
  • 2
5 Comments
 
LVL 7

Accepted Solution

by:
kellemann earned 500 total points
ID: 34100926
Short answer, yes you can. It's a relatively new command called without-csd
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1636433
0
 
LVL 7

Expert Comment

by:kellemann
ID: 34100967
Sorry, forgot about the ASDM part. I am not a big user of ASDM, but I can't find the ASDM equivalent to the the without-csd command.
0
 

Author Comment

by:hachemp
ID: 34105864
Thanks for the response kellemann.  The only problem I see with this is that it seems to apply specifically to webVPN and then specifically to certain URLs.  I tried using the 'without-csd' command on one of my AnyConnect tunnel-groups and it didn't stop it from using CSD.  Unfortunately, according to the link you sent, 'the group-url command is required for the without-csd command to have an effect.'

Is there another way I should be using this?  I'm not averse to using CLI to do this, just need to know if what I need can be accomplished with this command, and if I'm using it correctly.  
0
 
LVL 7

Expert Comment

by:kellemann
ID: 34110257
Sorry, that's the only way to create differentiate CSD. See this FAQ:
https://supportforums.cisco.com/docs/DOC-1247#Q_Can_CSD_be_enabled_on_a_pergrouppolicy_post_authentication
0
 

Author Comment

by:hachemp
ID: 34112007
Thanks a lot for the info.  It's unfortunate that they don't provide this yet but you answered my questions accurately.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How VPC help preventing STP Loops 4 95
Firewall report connections 8 70
Cisco AP to get ip from DHCP 10 73
eigrp routing loop 5 39
Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question