Solved

SSLVPN cisco anyconnect client images

Posted on 2010-11-10
Last Modified: 2012-05-10
On an ASA when you go to Network client access < anyconnect client settings < add multiple image package (windows, mac, linux)  < select a regular expression to match user-agent

How does the client computer know which image to tell the ASA to give it? So if a client computer is Windows, and it connects to the ASA for SSL VPN, how does it tell the ASA it wants the Windows AnyConnect client package?
Question by:trojan81
8 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 34111201
I'm not certain exactly how it knows, but I can verify it does.  I believe during the connection process there is information about the client's OS that is passed and the gateway recognizes that and passes the appropriate client.
0
 
LVL 18

Accepted Solution

by:
decoleur earned 500 total points
ID: 34112491
Setting that regex is optional and, if you are using an external management solution like Cisco Security Manager, not supported. I wouldn't use it because it doesn't really provide a whole lot of value.

The actual mechanism for identification is the request header in the HTTP exchange...

From http://en.wikipedia.org/wiki/User_agent:
In HTTP communications, identification details are passed via the User-Agent request header as described by RFC 1945.

List of user-agent strings: http://www.user-agents.org/

Hope this helps,

-t
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34112530
It can tell from the information sent in the HTTP header which usually contains the OS name and version.

Usually, browsers send enough information to identify the exact OS.

i.e. "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030423 Ubuntu/8.10 (intrepid) Firefox/3.0.7"
0
 

Author Comment

by:trojan81
ID: 34112704
Ahh, thanks MikeKane. Where in the browser can I look to see this? I'm using IE8 on a WinXP workstation.
0
 
LVL 18

Expert Comment

by:decoleur
ID: 34113091
Use this to get your user agent: http://whatsmyuseragent.com/
0
 

Author Comment

by:trojan81
ID: 34113156
Weird... I'm on IE8 and this is what I see when I click that link. It says I am on Mozilla?


Your User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; MS-RTC EA 2; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
0
 
LVL 18

Expert Comment

by:decoleur
ID: 34113375
It says that you are Mozilla/4.0 compatible. I am on XP with IE 7 and get Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8)

The key for the regex with the AnyConnect client is to use a lowest common denominator, like 'win' or 'mac'; that is your real differentiator. Also, it goes top down, so set up your most common client first.
0
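The top-down, first-match evaluation described in the comment above, as an added example that is not part of the original thread: it compares specific patterns with short fragments and lists every rule that matches so overlaps are visible. The package labels, the `ExampleClient` User-Agent and the case-insensitive matching are assumptions of this sketch, not documented ASA behaviour.

```python
import re

# Ordered (regex, package label) pairs, evaluated top down; first match wins.
# Labels are placeholders, not real image file names.
SPECIFIC_RULES = [
    (r"Windows NT", "windows-package"),
    (r"Mac OS X|Darwin", "mac-package"),
    (r"Linux", "linux-package"),
]
# Short "lowest common denominator" fragments, matched case-insensitively here.
LOOSE_RULES = [
    (r"win", "windows-package"),
    (r"mac|darwin", "mac-package"),
    (r"linux", "linux-package"),
]

def select_image(user_agent, rules, flags=0):
    """Return the label of the first rule that matches, or None."""
    for pattern, label in rules:
        if re.search(pattern, user_agent, flags):
            return label
    return None

def all_matches(user_agent, rules, flags=0):
    """Return every label whose rule matches; more than one means order decides."""
    return [label for pattern, label in rules if re.search(pattern, user_agent, flags)]

# From the thread (the IE string is shortened), plus one constructed value.
UA_IE_XP = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
UA_LINUX = ("Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) "
            "Gecko/2009030423 Ubuntu/8.10 (intrepid) Firefox/3.0.7")
UA_DARWIN = "ExampleClient/1.0 (Darwin; x86_64)"  # constructed

if __name__ == "__main__":
    for ua in (UA_IE_XP, UA_LINUX, UA_DARWIN):
        print(select_image(ua, SPECIFIC_RULES),
              select_image(ua, LOOSE_RULES, re.IGNORECASE),
              all_matches(ua, LOOSE_RULES, re.IGNORECASE))
```

With the loose rules, the constructed Darwin string is classified as Windows because "win" occurs inside "Darwin"; any string that matches more than one rule should be checked against the rule order before relying on it.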
 
LVL 33

Expert Comment

by:MikeKane
ID: 34114280
I'm using IE8 and I get the same.  

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MDDR; InfoPath.2; .NET4.0C; .NET4.0E)
0
