Solved

SSLVPN cisco anyconnect client images

Posted on 2010-11-10
Last Modified: 2012-05-10
On an ASA, when you go to Network client access > AnyConnect client settings > add multiple image packages (Windows, Mac, Linux) > select a regular expression to match user-agent

How does the client computer know which image to tell the ASA to give it? So if a client computer is Windows, and it connects to the ASA for SSL VPN, how does it tell the ASA it wants the Windows AnyConnect client package?
Question by:trojan81
8 Comments
 
LVL 18

Expert Comment

by:jmeggers
I'm not certain exactly how it knows, but I can verify it does.  I believe during the connection process there is information about the client's OS that is passed and the gateway recognizes that and passes the appropriate client.
 
LVL 18

Accepted Solution

by:
decoleur earned 500 total points
Setting that regex is optional and, if you are using an external management solution like Cisco Security Manager, not supported. I wouldn't use it because it doesn't really provide a whole lot of value.

The actual mechanism for identification is the request header in the HTTP exchange...

From http://en.wikipedia.org/wiki/User_agent:
In HTTP communications, identification details are passed via the User-Agent request header as described by RFC 1945.

List of user-agent strings: http://www.user-agents.org/

hope this helps,

-t
 
LVL 33

Expert Comment

by:MikeKane
It can tell from the information sent in the HTTP header which usually contains the OS name and version.

Usually, browsers send enough information to identify the exact OS.

i.e. "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030423 Ubuntu/8.10 (intrepid) Firefox/3.0.7"
 

Author Comment

by:trojan81
Ahh, thanks MikeKane. Where in the browser can I look to see this? I'm using IE8 on a WinXP workstation.
 
LVL 18

Expert Comment

by:decoleur
Use this to get your user agent: http://whatsmyuseragent.com/
 

Author Comment

by:trojan81
Weird... I'm on IE8 and this is what I see when I click that link. It says I am on Mozilla?

Your User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; MS-RTC EA 2; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
 
LVL 18

Expert Comment

by:decoleur
It says that you are Mozilla/4.0 compatible. I am on XP with IE 7 and get Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8)

The key for the regex with the AnyConnect client is to use a lowest common denominator, like 'win' or 'mac'; that is your real differentiator. Also, it goes top down, so set up your most common client first.
 
LVL 33

Expert Comment

by:MikeKane
I'm using IE8 and I get the same.  

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MDDR; InfoPath.2; .NET4.0C; .NET4.0E)
0
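
An added example, not part of the thread and not Cisco's code: the top-down, first-match User-Agent selection described in the comments above, modelled in Python and run over two strings quoted in the thread plus one constructed string. The rule lists, the case-insensitive matching and the package labels are assumptions for illustration; it shows that a very short pattern such as 'win' also matches "Darwin" when it sits first in the list.

```python
import re

# Assumed model: rules are tried top-down and the first matching regex wins.
# Package labels are hypothetical placeholders, not real image file names.
LOOSE_RULES = [
    (r"win", "pkg-windows"),
    (r"mac", "pkg-macos"),
    (r"linux", "pkg-linux"),
]

# Tighter patterns anchored on OS tokens rather than three-letter fragments.
TIGHT_RULES = [
    (r"Windows NT", "pkg-windows"),
    (r"Macintosh|Mac OS X|Darwin", "pkg-macos"),
    (r"Linux", "pkg-linux"),
]

SAMPLES = {
    # Quoted in the thread (IE8 on Windows).
    "ie8_windows": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; "
                   "Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; "
                   ".NET CLR 3.0.30729; Media Center PC 6.0; MDDR; InfoPath.2; "
                   ".NET4.0C; .NET4.0E)",
    # Quoted in the thread (Firefox on Ubuntu).
    "firefox_linux": "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) "
                     "Gecko/2009030423 Ubuntu/8.10 (intrepid) Firefox/3.0.7",
    # Constructed sample: a macOS-style string that contains "Darwin".
    "cfnetwork_macos": "ExampleApp/1.0 CFNetwork/454.9.8 Darwin/10.4.0 (i386)",
}


def select_package(user_agent, rules):
    """Return the package of the first rule whose regex matches, else None."""
    for pattern, package in rules:
        # Case-insensitive matching is an assumption of this model.
        if re.search(pattern, user_agent, re.IGNORECASE):
            return package
    return None


def compare():
    """Map each sample name to (loose result, tight result)."""
    return {
        name: (select_package(ua, LOOSE_RULES), select_package(ua, TIGHT_RULES))
        for name, ua in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (loose, tight) in compare().items():
        print(f"{name:16} loose={loose:12} tight={tight}")
```

Because the User-Agent header is supplied by the client, a match like this is suitable for choosing which image to offer, not for deciding who may connect.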
