[c-nsp] Profiling with ASA?

Ryan West rwest at zyedge.com
Wed Nov 23 14:33:56 EST 2011


On Mon, Nov 21, 2011 at 14:00:47, Scott Voll wrote:
> Subject: Re: [c-nsp] Profiling with ASA?
> 
> Ryan--
> 
> Thanks for the direction.  I have setup CSD and DAP's but I'm 
> wondering if there is some way to move from there to Group Policy?
> 
> Where I'm going with all of this, is I have a Large telecommuting base 
> and some use corporate laptops (that we want to use Scan Safe / 
> Anyconnect
> 3.0) and home PC's that we don't want to use Scan Safe on.
> 
> Any ideas?
> 
> TIA
> 
> Scott
> 

Hey Scott,

I was out of town for a bit, have you checked out the SBA deployment guides.  They have one for ScanSafe that should meet your needs.  Basically, you're going to take the aggregate decision from CSD and DAP to make a mapping to a group-policy.  That group-policy will have the ScanSafe settings and module download.  If they don't map properly, you can dump them into a more restrictive group using the default-group-policy setting under the tunnel-group.

Here is the SBA:

http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Smart_Business_Architecture/August2011/SBA_Ent_BN_SecureRemoteMobileAccessDeploymentGuide.pdf

Thanks,

-ryan



More information about the cisco-nsp mailing list