Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2298
  • Last Modified:

SSLVPN cisco anyconnect client images

On an ASA when you go to Network client access < anyconnect client settings < add multiple image package (windows, mac, linux)  < select a regular expression to match user-agent

How does the client computer know which image to tell the ASA to give it? So if a client computer is Windows, and it connects to the ASA for sslvpn, how does it tell the ASA it wants the windows any connect client package?
0
trojan81
Asked:
trojan81
  • 3
  • 2
  • 2
  • +1
1 Solution
 
jmeggersCommented:
I'm not certain exactly how it knows, but I can verify it does.  I believe during the connection process there is information about the client's OS that is passed and the gateway recognizes that and passes the appropriate client.
0
 
decoleurCommented:
setting that regex is optional and if you are using an external management solution like Cisco Security Manager not supported. I wouldn't use it because it doesn't really provide a whole lot of value.

the actual mechanism for identification is the request header in the http exchange...

from http://en.wikipedia.org/wiki/User_agent
In the http communications identification details is passed via the User-Agent request header as described by RFC 1945.

list of user-agent strings http://www.user-agents.org/

hope this helps,

-t
0
 
MikeKaneCommented:
It can tell from the information sent in the HTTP header which usually contains the OS name and version.

Usually, browsers send enough information to identify the exact OS.

i.e."    Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030423 Ubuntu/8.10 (intrepid) Firefox/3.0.7"
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
trojan81Author Commented:
ahh thanks Mikekane. Where in the browser can I look to see this? I'm using IE8 on winxp workstation.
0
 
decoleurCommented:
use this to get your user agent: http://whatsmyuseragent.com/
0
 
trojan81Author Commented:
Weird..i'm on IE8 and this is what I see when I click that link. It says I am on mozilla?


Your User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; MS-RTC EA 2; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
0
 
decoleurCommented:
it says that you are mozilla/4.0 compatible. i am on xp with IE 7 and get Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8)

the key for the regex with the anyconnect client is to use a lowest common denominator. like 'win' or 'mac', that is your real differentiator. also it goes top down so set up your most common client first.
0
 
MikeKaneCommented:
I'm using IE8 and I get the same.  

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MDDR; InfoPath.2; .NET4.0C; .NET4.0E)
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now