Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SSLVPN cisco anyconnect client images

Posted on 2010-11-10
8
Medium Priority
?
2,254 Views
Last Modified: 2012-05-10
On an ASA when you go to Network client access < anyconnect client settings < add multiple image package (windows, mac, linux)  < select a regular expression to match user-agent

How does the client computer know which image to tell the ASA to give it? So if a client computer is Windows, and it connects to the ASA for sslvpn, how does it tell the ASA it wants the windows any connect client package?
0
Comment
Question by:trojan81
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 34111201
I'm not certain exactly how it knows, but I can verify it does.  I believe during the connection process there is information about the client's OS that is passed and the gateway recognizes that and passes the appropriate client.
0
 
LVL 18

Accepted Solution

by:
decoleur earned 2000 total points
ID: 34112491
setting that regex is optional and if you are using an external management solution like Cisco Security Manager not supported. I wouldn't use it because it doesn't really provide a whole lot of value.

the actual mechanism for identification is the request header in the http exchange...

from http://en.wikipedia.org/wiki/User_agent
In the http communications identification details is passed via the User-Agent request header as described by RFC 1945.

list of user-agent strings http://www.user-agents.org/

hope this helps,

-t
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34112530
It can tell from the information sent in the HTTP header which usually contains the OS name and version.

Usually, browsers send enough information to identify the exact OS.

i.e."    Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030423 Ubuntu/8.10 (intrepid) Firefox/3.0.7"
0
Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.

 

Author Comment

by:trojan81
ID: 34112704
ahh thanks Mikekane. Where in the browser can I look to see this? I'm using IE8 on winxp workstation.
0
 
LVL 18

Expert Comment

by:decoleur
ID: 34113091
use this to get your user agent: http://whatsmyuseragent.com/
0
 

Author Comment

by:trojan81
ID: 34113156
Weird..i'm on IE8 and this is what I see when I click that link. It says I am on mozilla?


Your User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; MS-RTC EA 2; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
0
 
LVL 18

Expert Comment

by:decoleur
ID: 34113375
it says that you are mozilla/4.0 compatible. i am on xp with IE 7 and get Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8)

the key for the regex with the anyconnect client is to use a lowest common denominator. like 'win' or 'mac', that is your real differentiator. also it goes top down so set up your most common client first.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34114280
I'm using IE8 and I get the same.  

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MDDR; InfoPath.2; .NET4.0C; .NET4.0E)
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question