Thursday, April 11, 2013

Installing or Upgrading HostScan on Cisco ASA


Installing or Upgrading HostScan

Use this procedure to upload, or upgrade, and enable a new HostScan image on the ASA. Use the image to enable HostScan functionality for AnyConnect or upgrade the HostScan support charts for an existing deployment of Cisco Secure Desktop (CSD).
If you previously uploaded a CSD image to the ASA, the HostScan image you specify will upgrade or downgrade the existing HostScan files that were delivered with that CSD package.
You do not need to restart the ASA after you install or upgrade HostScan; however, you must exit and restart Adaptive Security Device Manager (ASDM) to access the Secure Desktop Manager tool in ASDM.
Note HostScan requires an AnyConnect Secure Mobility Client premium license.
Step 1 Download the latest version of the HostScan package using Downloading the HostScan Engine Update.
Note You will need to have an account on Cisco.com and be logged in to download the software.
Step 2 Open ASDM and choose Configuration > Remote Access VPN > HostScan Image. ASDM opens the HostScan Image panel (Figure 2-1).
Figure 2-2 HostScan Image Panel
Step 3 Click Upload to prepare to transfer a copy of the HostScan package from your computer to a drive on the ASA.
Step 4 In the Upload Image dialog box, click Browse Local Files to search for the HostScan package on your local computer.
Step 5 Select the hostscan_version.pkg file you downloaded in Step 1 and click Select. The path to the file you selected is in the Local File Path field and the Flash File System Path field reflects the destination path of the HostScan package. If your ASA has more than one flash drive, you can edit the Flash File System Path to indicate another flash drive.
Step 6 Click Upload File. ASDM transfers a copy of the file to the flash card. An Information dialog box displays the following message:
File has been uploaded to flash successfully.
Step 7 Click OK.
Step 8 In the Use Uploaded Image dialog, click OK to use the HostScan package file you just uploaded as the current image.
Step 9 Check Enable HostScan/CSD if it is not already checked.
Step 10 Click Apply.
Note If AnyConnect Essentials is enabled on the ASA, you receive a message that HostScan and CSD will not work with it. You have the choice to Disable or Keep AnyConnect Essentials.
Step 11 Click Save.

Enabling or Disabling HostScan on the ASA

When you first upload or upgrade a HostScan image using ASDM, you enable the image as part of that procedure. See "Installing and Enabling CSD on the ASA" section.
Otherwise, to enable or disable a HostScan image using ASDM, follow this procedure:
Step 1 Open ASDM and choose Configuration > Remote Access VPN > HostScan Image. ASDM opens the HostScan Image panel (Figure 2-1).
Step 2 Check Enable HostScan/CSD to enable HostScan or uncheck Enable HostScan/CSD to disable HostScan.
Step 3 Click Apply.
Step 4 Click Save.

Uninstalling the HostScan Package from the ASA

Uninstalling the HostScan package removes it from view on the ASDM interface and prevents the ASA from deploying it even if HostScan or CSD is enabled. Uninstalling HostScan does not delete the HostScan package from the flash drive.
Use this procedure to uninstall HostScan on the ASA:
Step 1 Open ASDM and select Configuration > Remote Access VPN > HostScan Image.
Step 2 In the HostScan Image pane, click Uninstall. ASDM removes the text from the Location text box.
Step 3 Click Save.

HostScan and CSD Automatic Upgrades and Downgrades

The ASA automatically distributes the enabled HostScan package to the endpoint whether that package is the standalone HostScan package, the package included with AnyConnect Secure Mobility Client, or the package included with Cisco Secure Desktop. If the endpoint has an older version of the HostScan package installed, the package on the endpoint gets upgraded; if the endpoint has a newer version of the HostScan package, the endpoint package gets downgraded.

Which HostScan Image Gets Enabled When There is More than One Loaded on the ASA?

The HostScan image is delivered with the HostScan package. It can be deployed to the endpoint from the standalone HostScan package, the full AnyConnect Secure Mobility Client package, and Cisco Secure Desktop. Depending on what licenses you have installed on your ASA, you may have all of these packages loaded on your ASA. In that case, the ASA enables the image that you specified as the HostScan image first and if you haven't specified one, the ASA enables the HostScan functionality from Cisco Secure Desktop. See the"Installing, Upgrading, and Downgrading CSD on the ASA" section.
If you uninstall the HostScan package, the ASA cannot enable its HostScan image.
These scenarios describe which HostScan package the ASA distributes when it has more than one loaded.
If you have installed a standalone HostScan package on the ASA and have designated it as the HostScan image, and you enable CSD/hostscan, ASA distributes the standalone HostScan package.
If you have installed a standalone HostScan package on the ASA and have designated it as the HostScan image and you have installed a CSD image on the ASA, and you enable CSD/hostscan, ASA will distribute the standalone HostScan image.
If you have installed a HostScan image on the ASA, but you have not enabled it, and you have installed a CSD image on the ASA and you have enabled CSD/hostscan, the ASA will distribute the standalone HostScan image because it was not uninstalled.
If you have installed an AnyConnect Secure Mobility Client package on the ASA and have designated it as the HostScan image, the ASA will distribute the HostScan image from that package.
If you install an AnyConnect Secure Mobility Client package file on the ASA but do not specify it as the HostScan image, the ASA will not distribute the HostScan package associated with that AnyConnect package. The ASA will distribute an installed HostScan package or CSD package, provided CSD is enabled.

Determining the HostScan Image Enabled on the ASA

Open ASDM and select Configuration > Remote Access VPN > Host Scan Image.
If there is a HostScan image designated in the HostScan Image location field, and the Enable HostScan/CSD box is checked, the version of that image is the HostScan version being used by the ASA.
If the HostScan Image filed is empty, and the Enable HostScan/CSD box is checked, select Configuration > Remote Access VPN > Secure Desktop Manager. The version of CSD in the Secure Desktop Image Location field is the HostScan version being used by the ASA.
- No comments:

install, upgrade, or downgrade a CSD image on the ASA


C
Use this procedure to install, upgrade, or downgrade a CSD image on the ASA:
Step 1 Download the latest version of CSD using Downloading the Latest Version of CSD.
If you are downgrading CSD, use the Downloading the Latest Version of CSD procedure but expand the Latest Releases folder in the directory tree and select the release you need.
Step 2 Start ASDM and choose Configuration > Remote Access VPN > Secure Desktop Manager > Setup. ASDM opens the Setup pane (Figure 2-1).
Figure 2-1 Setup
Step 3 Click Upload to prepare to transfer a copy of the CSD software from your local PC to the flash card installed in the ASA 5500.
ASDM opens the Upload Image dialog box.
Step 4 Click Browse Local Files to prepare to select the file on your local PC.
Step 5 Choose the csd_<n>.<n>.*.pkg you downloaded in Step 1 and click Select.
ASDM closes the Select File Path dialog box and displays the CSD package you just selected in the Flash File System Path field.
Note You do not need to uninstall an installed version of CSD before you upgrade or downgrade the version.
Step 6 Click Upload File.
Caution Avoid opening other windows until you complete the remaining steps.
ASDM transfers a copy of the file to the flash card. An Information dialog box displays the following message:
File has been uploaded to flash successfully.
Step 7 Click OK.
ASDM clears the fields in the Upload Image dialog box.
Step 8 After the Use Uploaded Image dialog box displays the following message, click OK.
Use disk0:/csd_<n>.<n>.*.pkg as your new current image?
Step 9 Check Enable Secure Desktop.
Step 10 Click Apply.
Note If AnyConnect Essentials is enabled on the ASA, you receive a message that CSD will not work with it. You have the choice to Disable or Keep AnyConnect Essentials.
Step 11 Click OK when you receive the message, "Secure Desktop image is successfully updated. The new features can be accessed after ASDM is restarted."
Step 12 Close the ASDM window.
A window displays the following message: The configuration has been modified. Do you want to save the running configuration to flash memory?
Step 13 Click Save.
ASDM saves the configuration and closes.
Step 14 Start a new ASDM session with the ASA to customize the Secure Desktop Manager configuration.

Enabling or Disabling CSD on the ASA

Enabling CSD loads the CSD configuration file, data.xml, from the flash device to the running configuration. If you transfer or replace the data.xml, disable and then enable CSD to load the file.
Disabling CSD does not alter the CSD configuration.
Use ASDM to enable or disable CSD as follows:
Step 1 Choose Configuration > Clientless SSL VPN > Secure Desktop > Setup.
ASDM opens the Setup pane (Figure 2-1).
Note The Secure Desktop Image field displays the image (and version) that is currently installed. The Enable Secure Desktop check box indicates whether CSD is enabled.
Step 2 Check or uncheck Enable Secure Desktop and click Apply.
ASDM enables or disables CSD.
Step 3 Click the X in the upper right corner of the ASDM window to exit.
A window displays the following message:
The configuration has been modified. Do you want to save the running configuration to 
flash memory?
Step 4 Click Save. ASDM saves the configuration and closes.

Entering an Activation Key to Support Advanced Endpoint Assessment

Advanced Endpoint Assessment includes all of the Endpoint Assessment features, and lets you configure an attempt to update noncompliant computers to meet version requirements. You can use ASDM to activate a key to support Advanced Endpoint Assessment after acquiring it from Cisco, as follows:
Step 1 Choose Configuration > Device Management > Licensing > Activation Key.
Step 2 Enter the key in the New Activation Key field.
Step 3 Click Update Activation Key.
Step 4 Choose File > Save Running Configuration to Flash.
An Advanced Endpoint Assessment entry appears and the Configure button becomes active in the HostScan Extensions area of the Configuration > Remote Access VPN > Secure Desktop Manager > HostScan pane, which is accessible only if CSD is enabled.

Uninstalling CSD from the ASA

Uninstalling CSD removes the CSD configuration file, data.xml, from the desktop directory on the flash card. If you want to retain the file, copy it using an alternative name or download it to your workstation before you uninstall CSD.
Uninstall CSD on the ASA as follows:
Step 1 Open ASDM and choose Configuration > Remote Access VPN > Secure Desktop Manager > Setup.
ASDM opens the Setup pane (Figure 2-1).
Step 2 Click Uninstall.
A confirmation window displays the following message:
Do you want to delete disk0:/csd_<n>.<n>.*.pkg and all CSD data files?
Step 3 Click Yes.
ASDM removes the text from the Location text box and removes the Secure Desktop Manager menu options below Setup.
Step 4 Click the X in the upper right corner of the ASDM window to exit.
A window displays the following message:
The configuration has been modified. Do you want to save the running configuration to 
flash memory?
Step 5 Click Save. ASDM saves the configuration and closes.
- No comments:
Subscribe to: Posts (Atom)

How to use Telus Actionec T3200M as a wireless Access point

when you install Telus Internet, they will offer you a modem + router + wireless device Actionec T3200M, a lot of users still want to use th...