Using TACACS+ for AAA on Cisco ASA

Hello -
I have compiled the TACACS+ server software (downloaded from ftp.cisco.com a while ago) und looking for any hints how to configure roles for full access, read-only access for our ASA firewalls. Does anybody have configuration examples for the tacacs+ configuration and the ASA configuration? Any hints are welcome.
Many thanks in advance!
Regards,
Stefan

Have a look at the attached doc
Narayan

Similar Messages

  • TACACS for AAA on Cisco Switch

    I have configured our switches for TACACS authentication however it does not seem to be working. I know it is trying as if I remove the secondary login option (local) I am denied access completely but I see no log on the ACS server. Any ideas?, oh and this is going across an any to any VPN

    Can you log into your switch, and turn on the debug aaa authentication, and debug tacacs.
    Then go ahead and issue a test aaa group.. command to test the authentication, do you see it timing out? Are you using a source interface for this traffic? is that source interface inside the lan to lan intersting traffic?

  • Use Tacacs+ for Admin auth & Radius for user Auth?

    Can I setup my Aironet 1200 to use TACACS+ for authentication back to the cisco ACS server and RADIUS back to same server for user authentication?
    If I setup a server in Server Manager under Radius, then add that same server as a TACACS+ server, it deletes the RADIUS server, so I assume no.

    dont know about 1200s but you can do this on 1130AGs. Create a aaa group for authentication via radius, and one for tacacs+ then use aaa groups to point console/vty to the tacacs+ aaa group, and EAP authentication to the radius group.
    eg:
    aaa group server radius rad-group
    server x.x.x.x auth-port xxxx acct-port xxxx
    aaa group server tacacs+ admin-access
    server x.x.x.x
    aaa authentication login eap-method group rad-group
    aaa authentication login auth-admin-access group admin-access local
    aaa authorization exec default group admin-access local
    now under the ssid part of the config have:
    dot11 ssid yyyyyy
    authentication open (or whatever method you use) eap eap-method
    under console/vty etc:
    login authentication auth-admin-access
    you need some more stuff like radius and tacacs server keys, but the above should get you started. On 1130AGs dont use aaa auth for http(s), looks like it overloads the aaa server at the moment - see field notices - probably doesnt apply to 1200s.

  • Aaa authentication using tacacs+ for LAP

    WIth Autonomous AP, you can configure aaa authtentication using Tacacs+.
    In lightweight AP, do u have similar function where u authenticate using tacacs+ when u telnet/ssh into the LAP after it is registered to the WLC?
    Rgds
    Eng Wee

    There really isn't anything you can do on the LAP through telnet/ssh.  You can enable TACACS for access to the controller.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080851f7c.shtml

  • Privilege mode authentication using Tacacs for Cisco Routers

    I am trying to set up a test environment where I need to be able to be asked for both a username and password while entering enable mode from exec mode on a cisco IOS router. I was told the only way to do that is through Tacacs. But I've not seen any such configuration options on Tacacs in order to set it up right. Has someone ever did a setup like this before. I would appreciate any help on this. Thanks. 

    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    service compress-config
    hostname 2621-3
    boot-start-marker
    boot system flash c2600-i-mz.123-26.bin
    boot-end-marker
    logging buffered 5001 debugging
    no logging console
    no logging monitor
    enable password cisco
    memory-size iomem 10
    clock timezone CST -7
    clock summer-time CST recurring
    aaa new-model
    aaa authentication login default local
    aaa authentication enable default group tacacs+
    aaa authorization exec default group tacacs+ local
    aaa session-id common
    ip subnet-zero
    ip cef
    no ip domain lookup
    ip domain name int.voyence.com
    ip name-server 192.168.21.5
    !key chain jetef
    key 10
      key-string c1sco
    modemcap entry ZOOM
    modemcap entry ZOOM
    username jeff password 0 jeff
    tacacs-server host 192.168.21.230 key cisco
    tacacs-server host 10.6.230.32
    tacacs-server directed-request
    tacacs-server key dakey
    line con 0
    exec-timeout 15 0
    logging synchronous
    speed 115200
    line aux 0
    exec-timeout 15 0
    password 7 104D000A0618
    logging synchronous
    modem InOut
    modem autoconfigure discovery
    terminal-type monitor
    transport input all
    stopbits 1
    flowcontrol hardware
    line vty 0 4
    exec-timeout 15 0
    password cisco
    private
    logging synchronous

  • Trying to use DS 6.2 w/ Cisco ASA 5540 for VPN Auth

    Hello all,
    I'm trying to connect our Cisco ASA 5540 with LDAP authentication to our DSEE 6.2 directory. The authentication is failing and this line in the debug output from the firewall is really getting to me: "No results returned for iPlanet global password policy".
    Their authentication process is two-steps.. It binds with a service account, searches on the "naming attribute" (in our case uid), grabs the DN of the user, and unbinds. With step 2, it binds to the directory with the DN it found when searching, and the password the user supplied. If the second bind is successful, then the firewall lets them on the VPN.
    When the firewall binds with the service account, it successfully finds the user's DN and disconnects, so I know my ACI is working correctly there. It just seems to fail when trying to re-bind with the user's DN...
    We opened a TAC case with Cisco, and this is their response:
    The DN configured on the security appliance to access a Sun directory server must be able to access the default password policy on that server. We recommend using the directory administrator, or a user with directory administrator privileges, as the DN. Alternatively, you can place an ACI on the default password policy.
    I refuse to let a poorly written application or appliance bind as cn=Directory Administrator!
    I tried putting an ACI on the default password policy located at cn=Password Policy,cn=config , but that doesn't seem to make any difference to the ASA.. My best guess is that it's looking somewhere else for the password policy... did it used to be located elsewhere in iPlanet? Has anyone made this work before with a Cisco ASA?

    My network admin and I ended up solving this problem by sheer dumb luck. In the ASA config, you tell it what kind of LDAP server it's connecting to. In one set of docs, it had the available options as microsoft, sun, or generic. In another set of docs, we found that openldap was also an acceptable option.
    I'm guessing the ASA is thinking the "sun" option is connecting to the old Netscape Directory Server. Changing the "server type" to openldap made it work immediately. It also does not look like it's trying to look at the LDAP server's password policy now either.

  • Upgrading license for more context cisco asa 5580

    Hi guys:
    This is the situation I got to firewalls with failover and I need to upgrade the license so I can get more context (right now I have 5 context and I need 10) so I was looking at the procedure and I'm not sure If I need to restart the device or not. I was looking at this procedure:
    Upgrading the License for a Failover using ASDM (No Reload Required)
    Use the following procedure using ASDM if your new license does not require you to reload. This procedure ensures that there is no downtime.
    •1.       On the active unit, choose Configuration > Device Management > High Availability > Failover > Setup, and uncheck the Enable Failover check box. Now click Apply. The standby unit remains in a pseudo-standby state. Deactivating failover on the active unit prevents the standby unit from attempting to become active during the period when the licenses do not match.
    •2.       Choose Configuration > Device Management > Licensing > Activation Key, and enter the new activation key that you obtained with the active unit serial number. Now click Update Activation Key.
    •3.       Log into the standby unit by double-clicking its address in the Device List. If the device is not in the Device List, click Add to add the device. You might be prompted for credentials to log in.
    •4.       Choose Configuration > Device Management > Licensing > Activation Key, and enter the new activation key that you obtained with the standby unit serial number. Now click Update Activation Key.
    •5.       Log into the active unit again by double-clicking its address in the Device List. Choose Configuration > Device Management > High Availability > Failover > Setup, and re-check the Enable Failover check box.
    •6.       Click Apply. This completes the procedure.
    link: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00806b1c0f.shtml#norelasdm
    But then I checked on the cisco web page that there are some license that need to reload I see this:
    All models
    Downgrading any license (for example, going from 10 contexts to 2 contexts).
    Note If a temporary license expires, and the permanent license is a downgrade, then you do not need to immediately reload the security appliance; the next time you reload, the permanent license is restored.
    link: https://www.cisco.com/en/US/docs/security/asa/asa81/license/license81.html
    So I just want to know if I'm UPGRADING from 5 to 10 context the reload applies to my situation or not?
    Regards

    No reload is required when you are upgrading from 5 to 10 security context license.
    Reload is only required on the following feature:
    http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/license.html#wp1361750
    Hope this helps.

  • Which is better for Branch Office Cisco ASA or Cisco 1900 router for Branch Office?

    Which is a better solution ?
    Using ASA55XX or 1900 series router for WAN and Internet access for 25 - 100 users?

    Without knowing more about the environment and what the real requirements are, it is difficult to give a really good answer. If your main concern is effective stateful inspection of traffic entering and leaving the site then the ASA is optimized for that. If you want redundancy (active/active or active/standby) then the ASA is better for this. There are other potential requirements which may make the router the better choice:
    - what is the connection to the Internet? If it is Ethernet then either ASA or router will do fine. But if it is something other than Ethernet then you may need the router.
    - is there a need for services such as Policy Based Routing? These are available on the router and not on the ASA.
    - is there a need for load balancing on outbound traffic? This is available on the router and not on the ASA.
    - will there be a need to do routing on the inside network? The range of available options is wider on the router than on the ASA.
    - is there a need to run a routing protocol with the Internet provider? The usual choice for this is BGP and that is available on router and not on ASA.
    So consider these criteria as you make your choice. Or provide more detail about your environment and what your real requirements are and we may be able to give better advice.
    HTH
    Rick

  • Level 15 authorization on Cisco ASA

    I use tacacs+ for AAA in my Enterprise. On my ACSv4.1, I have created a user with privilege level 15. On every Switch in my enterpirse the user on authentication, directly goes to privilege mode (because he is level 15). But on ASA (ver 8.0) he is always prompted for an enable password.
    Is there any method to directly go to the privilege mode on the ASA?
    I could not find any aaa authorization commands to do this in an ASA.
    Thanks in advance.

    Jenny, this is how the ASA works. This feature was never implemented on the ASA in the same way it was done on the IOS platform.
    Regards
    Farrukh

  • FWSM: AAA authentication using TACACS and local authorization

    Hi All,
    In our setup, we are are having FWSMs running version 3.2.22 and users are authenticating using TACACS (running cisco ACS). We would like to give restricted access ( some show commands ) to couple of users to all devices. We do not want to use TACACS for command authorization.
    We have created users on TACACS and  not allowed "enable" access to them. I have also given those show commands locally on the firewall with privilege level 1. and enabled aaa authorization LOCAL
    Now , those users can successfully login to devices and execute those show commands from priv level 1 except "sh access-list".  I have specifically mentioned this
    "privilege show level 1 mode exec command access-list"  in the config.
    Is there anything i am missing or is there any other way of doing it?
    Thanks.

    You cannot do what you are trying to do. For (default login you need to use the first policy matched.
    you can diversify telnet/ssh with http by  creating different aaa groups.
    But still you will be loging in for telnet users (all of them) using one method.
    I hope it is clear.
    PK

  • Nexus, command authorization using TACACS.

    Hello.
    Can someone provide a sample configuration to use Cisco Secure ACS 4.2 to enable command authorization using TACACS.
    Thanks.
    Regards.
    Andrea

    Hi Andrea,
    We've moved onto ACS 5.3 now - but we had our Nexus 5520's running against our old ACS 4.2 before that - so I've picked out the relevant bits of the config below:
    username admin password role network-admin ; local admin user
    feature tacacs+ ; enable the tacacs feature
    tacacs-server host key ; define key for tacacs server
    aaa group server tacacs+ tacacs ; create group called 'tacacs'
        server ;define tacacs server IP
        use-vrf management ; tell it to use the default 'management' vrf to send the tacacs requests
        source-interface mgmt0 ; ...and send them from the mgmt interface
    aaa authentication login default group tacacs ; use tacacs for login auth
    aaa authentication login console group tacacs  ; use tacacs for console login auth
    aaa authorization config-commands default group tacacs local  ; use tacacs for config command authorization
    aaa authorization commands default group tacacs local  ; use tacacs for normal command authorization
    aaa accounting default group tacacs ; send accounting records to tacacs
    Hope that works for you!
    (That can change a bit when you move to ACS 5.x - as we've chosen not to do complex command auth (using shell profiles only) so instead you pass back the nexus role to the 5k - and it does the command auth (network-admin vs network-operator) based on that - so you just don't configure aaa command authorization on the 5k)
    Rob...

  • Exception for AAA

    Hi, I am using RADIUS for AAA authentication. Authentication is configured for device access. I want to know if i will be able to put an exception i.e. i want one user to be authenticated locally (local username and passwowrd) on a firewall(ASA 5500), while others to be authenticated by AAA. If it is possible, how do it do it?

    Ok. I have Cisco Security Manager, Cisco MARS, LMS and VMS in my network. Now, the requirement is something like this:
    Everyone (including CSM) accessing devices like firewalls, routers, switchces, IPS Sensors should be authenticated by the ACS.
    But when I went throught the CSM documentation I understood that the best way for CSM to logon to the firewall is by a local user.
    Hence I an looking for a mechanism for the CSM only to bypass the AAA authentication while the network administrators being authenticated by the AAA.
    Regards,
    Rishikesh Khedkar

  • Cisco ASA 5510 Natting 2 internal ip to 1 public ip

    Hi Guys,
    I have a doubt on how do nat 2 internal ip addresses to 1 public ip for FTP uses.
    As I know Cisco ASA cannot use to nat 2 internal ips to 1 public ip as the ASA cannot read the host header. It there anyway to control it by using acl or network object group?
    My current configuration for nat 1 internal ip to 1 public ip:
    static (firewall-dmz,firewall-outside) tcp 210.19.xx.xx 21 172.16.101.11 21 netmask 255.255.255.255  dns
    Thank you for your help.
    Cheers
    Tommy

    Yes it is possible . See if this helps.  I'm not in front of my ASA right now, but I think this is the old and new way.  If you are actually using the interface address, you might need to use the "interface" keyword
    Pre 8.3
    static (inside,outside) tcp 1.1.1.1 80 192.168.1.100 8080 netmask  255.255.255.255
    static (inside,outside) tcp 1.1.1.1 8080 192.168.1.101 8080 netmask  255.255.255.255
    static (inside,outside) tcp 1.1.1.1 25 192.168.1.102 25 netmask  255.255.255.255
    8.3 and Later
    object network obj-192.168.1.100
      host 192.168.1.100
      nat (inside,outside) static 1.1.1.1 service tcp 8080 80
    object network obj-192.168.1.101
      host 192.168.1.101
      nat (inside,outside) static 1.1.1.1 service tcp 8080 8080
    object network obj-192.168.1.102
      host 192.168.1.102
      nat (inside,outside) static 1.1.1.1 service tcp 25 25
    If you are using the interface address--
    static (inside,outside) tcp interface 80 192.168.1.100 8080 netmask  255.255.255.255
    static (inside,outside) tcp interface 8080 192.168.1.101 8080 netmask  255.255.255.255
    static (inside,outside) tcp interface 25 192.168.1.102 25 netmask  255.255.255.255
    8.3 and Later
    object network obj-192.168.1.100
      host 192.168.1.100
      nat (inside,outside) static interface service tcp 8080 80
    object network obj-192.168.1.101
      host 192.168.1.101
      nat (inside,outside) static interface service tcp 8080 8080
    object network obj-192.168.1.102
      host 192.168.1.102
      nat (inside,outside) static interface service tcp 25 25

  • Has anyone used the wiki behind a Cisco WebVPN?

    I'm trying to use the wiki behind a Cisco WebVPN with little success.
    What I think is going on is that as pages are downloaded to the browser, the WebVPN (as it should) translates each link into a WebVPN-specific link (acting essentially as a proxy). When you edit the page and submit, these links get submitted through the web service with the translated links intact, now setting all previously internal links into unusable external links. For some reason the result of this is a page with links fails to save.
    Has anyone written a APCF (Application Profile Customization Framework) file that might take care of this, or some imaginative proxy bypass rules or something else? I can't believe I'm the first person to use a combo of a Cisco ASA WebVPN and the Snow Leopard wiki. Any other ideas short of using an ipsec VPN instead?

    Ahhh the days of the Creative Nomad Jukebox MP3 Player. Thanks for the bringing back the memories Apple! I had one of those and the USB 1.1 transfer rate took HOURS to fill the Nomad's 6 GB drive. Once it was full, minor updates to playlists were tolerable.
    So now for anyone with a pre-2003 Mac will have to cope with USB 1.1 transfer speeds, specifically iBooks and PowerBooks. Desktop Macs can simply add a USB 2.0 card to resolve that problem.
    Still, the iPod Nano is a huge improvement over the Mini. FireWire would have been nice since the original iPod was a FireWire device. But, to keep the form factor small, they had to decide on only one transfer protocol...so I guess USB 2.0 won.
    Also, Apple will never get rid of FireWire, not even when they start shipping Intel-based Macs. Digital Video is huge, and so is iMovie and Final Cut Pro.

  • CISCO ASA Clientless VPN Host Scan

    Hi All
    We open up Internet Explorer 8 on local PC, then we are connecting using clientless vpn to a CISCO ASA 5520 8.0(4), we are getting an issue with the local internet explorer browser closing after 20 mins. The content accessed from the VPN is still available but all local Internet Explorer processes are terminated.
    When i look at the hostscan.log i get TOKEN_SUCESS followed by TOKEN_LOGGEDON for the first 20 mins. After 20 minutes i get TOKEN_INVALID  followed by the browser kill command which is closing internet explorer. This is effecting all users. If i close the SSL VPN completly the same issue occurs after exactly 20 mins. The session below was started at 14:23:34 and we recieve TOKEN_LOGGEDON at 14:45:50 but TOKEN_INVALID at 14:46:50.
    Hope someone can help?
    Ian                   
    Host Scan.Log:
    [Tue Oct 09 14:45:50.296 2012][libcsd][info][asa_parse_dap_response] parsing DAP response.
    [Tue Oct 09 14:45:50.296 2012][libcsd][debug][asa_parse_dap_response] TOKEN_LOGGEDON
    [Tue Oct 09 14:45:50.296 2012][libcsd][debug][asa_parse_dap_response] no scan interval, defaulting to 60 sec.
    [Tue Oct 09 14:45:50.296 2012][libcsd][debug][cache_cleaner_check_browsers] cache cleaner enabled, verifying browser is still open.
    [Tue Oct 09 14:45:50.343 2012][libcsd][debug][run_loop] sleeping for 60 seconds.
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][run_loop] awake.
    [Tue Oct 09 14:46:50.349 2012][libcsd][all][scan] performing scan.
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][process_system_scans] scanning system...
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][update_file] updating file (C:\Users\REMOVED\AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][verify_file] verifying file: C:\Users\ REMOVED \AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][verify_file] file has been verified: (C:\Users\ REMOVED \AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll)
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] path not absolute, file signature not checked (kernel32.dll)
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] attempting to load library (kernel32.dll)
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] library (kernel32.dll) loaded
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_os] os (Windows 7) version (Service Pack 1) arch (x64) proclevel (unknown)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_location] location (REMOVED)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_csdtype] csd protection (cache cleaner)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_csdtype] csd version (3.5.841)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_hostname] hostname (REMOVED)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (135)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (445)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (3389)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (5500)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (6051)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (6129)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (47002)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (47006)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (47007)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (49152)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (49153)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (49154)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (49175)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (49179)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (49184)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (9089)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (139)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (123)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (500)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (4500)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (5355)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (6004)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (64000)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (64246)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (1900)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (50907)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (53973)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (56922)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (57555)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (57906)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (59441)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (60837)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (60919)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (63966)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (64019)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (64955)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (65202)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (137)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (138)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (1900)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (60918)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_macaddrs] found MAC addr (6431.5034.738f)
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_applications] No removable applications installed.
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][cert_init] initializing certificate subsystem ...
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][cert_init] mozilla cert store enabled
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][cert_init] capi cert store enabled
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][moz_init] initializing mozilla certificate module...
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] path not absolute, file signature not checked (kernel32.dll)
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] attempting to load library (kernel32.dll)
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] library (kernel32.dll) loaded
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][reg_open_key] checking 32-bit registry hive: SOFTWARE\Mozilla\Mozilla Firefox.
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][moz_init] unable to load mozilla libs.
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][moz_init] initializing mozilla certificate module... failed
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][moz_free_api] not initialized
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][moz_free_api] not initialized
    [Tue Oct 09 14:46:50.349 2012][libcsd][warn][cert_init] failed to initialize mozilla certificates
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] path not absolute, file signature not checked (Crypt32.dll)
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] attempting to load library (Crypt32.dll)
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] library (Crypt32.dll) loaded
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][cert_init] initializing certificate subsystem ... done
    [Tue Oct 09 14:46:50.349 2012][libcsd][warn][cert_get_user_certs_prop_list] mozilla certificates not initialized.
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][cert_free] de-initializing certificate subsystem ...
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][cert_free] de-initialization of capi certificated completed.
    [Tue Oct 09 14:46:50.349 2012][libcsd][debug][cert_free] de-initializing certificate subsystem ... done
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_file_verify_trust] verifying file trust (C:\Users\ REMOVED \AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll)
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] path not absolute, file signature not checked (Wintrust.dll)
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] attempting to load library (Wintrust.dll)
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] library (Wintrust.dll) loaded
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] file signature verified(C:\Users\ REMOVED \AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll)
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] attempting to load library (C:\Users\ REMOVED \AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll)
    [Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] library (C:\Users\ REMOVED \AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll) loaded
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB958830)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2425227)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2479943)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2491683)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2503665)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2506014)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2506212)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2507618)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2509553)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2510531)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2511455)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2518869)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2532531)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2533552)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2534111)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2536275)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2536276)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2539635)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2544521)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2544893)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2552343)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2556532)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2560656)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2564958)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2567680)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2570947)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2572077)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2579686)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2584146)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2585542)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2588516)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2598845)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2618444)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2618451)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2619339)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2620704)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2620712)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2631813)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2633952)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2639417)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2641690)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2644615)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2656356)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB958488)
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB976902)
    [Tue Oct 09 14:46:50.895 2012][libcsd][info][process_host_scans] scanning environment...
    [Tue Oct 09 14:46:50.895 2012][libcsd][info][process_inspector_scans] scanning for security software...
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][process_inspector_scans] no inspector list items.
    [Tue Oct 09 14:46:50.895 2012][libcsd][info][scan_perform_scan] scanning complete.
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.os.version="Windows 7"
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.os.servicepack="Service Pack 1"
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.os.architecture="x64"
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.os.processor_level="unknown"
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.policy.location=" REMOVED "
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.protection="cache cleaner"
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.protection_version="3.5.841"
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.hostname=" REMOVED "
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.port["135"]="true"
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.port["445"]="true"
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.port["3389"]="true"
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.port["5500"]="true"
    [Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.port["6051"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["6129"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["47002"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["47006"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["47007"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["49152"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["49153"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["49154"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["49175"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["49179"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["49184"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["9089"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["139"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["123"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["500"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["4500"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["5355"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["6004"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["64000"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["64246"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["1900"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["50907"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["53973"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["56922"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["57555"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["57906"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["59441"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["60837"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["60919"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["63966"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["64019"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["64955"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["65202"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["137"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["138"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["1900"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["60918"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.MAC["6431.5034.738f"]="true"
    CERTIFICATE INFO REMOVED
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB958830"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2425227"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2479943"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2491683"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2503665"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2506014"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2506212"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2507618"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2509553"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2510531"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2511455"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2518869"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2532531"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2533552"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2534111"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2536275"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2536276"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2539635"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2544521"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2544893"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2552343"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2556532"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2560656"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2564958"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2567680"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2570947"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2572077"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2579686"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2584146"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2585542"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2588516"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2598845"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2618444"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2618451"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2619339"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2620704"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2620712"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2631813"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2633952"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2639417"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2641690"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2644615"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2656356"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB958488"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB976902"]="true"
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setpeer] setting peer
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setpeer] setting l2 peer: (REMOVED)
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setpeer] setting peer done. peer = REMOVED, referrer = REMOVED
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][asa_post_dap] sending results to: (REMOVED /+CSCOE+/sdesktop/scan.xml?reusebrowser=1)
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setcookie] setting cookie
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setcookie] setting cookie: (sdesktop=70E341AC00B5735F069D5FFE)
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_addheader] adding http header
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_addheader] adding http header: (Cookie: sdesktop=70E341AC00B5735F069D5FFE)
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_addheader] adding http header done
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setcookie] setting cookie done
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setredircount] setting redirects
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setredircount] setting redirects: (10)
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setredircount] setting redirects done
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][asa_post_dap] sending results to: (REMOVED /+CSCOE+/sdesktop/scan.xml?reusebrowser=1)
    [Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_post] posting data
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][process_response_headers] processing http response headers
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][process_response_headers] getting http headers from l2
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][process_response_headers] getting http headers headers from l2 done
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][parse_response_headers] parsing http headers
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] --- Http Response Headers ---
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] HTTP-Version: 1.1
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Status-Code: 200
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Cache-Control: no-cache
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Connection: Keep-Alive
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Date: Tue, 09 Oct 2012 13:46:50 GMT
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Pragma: no-cache
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Transfer-Encoding: chunked
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Content-Type: text/xml
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Server: Cisco AWARE 2.0
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] --------------------
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][parse_response_headers] parsing http headers done
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][process_response_headers] processing http response headers done
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][hs_transport_post] posting data done
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][asa_post_dap] results sent to (REMOVED).
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][hs_transport_get_data] getting data
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][hs_transport_get_data] --- http data ---
    todo
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][hs_transport_get_data] getting data done
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][hs_transport_get_data] getting data
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][hs_transport_get_data] --- http data ---
    todo
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][hs_transport_get_data] getting data done
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][asa_post_dap] headend response: (<?xml version="1.0" encoding="ISO-8859-1"?>
    <hostscan><status>TOKEN_INVALID</status></hostscan>
    [Tue Oct 09 14:46:50.926 2012][libcsd][info][asa_parse_dap_response] parsing DAP response.
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][asa_parse_dap_response] TOKEN_INVALID
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][asa_parse_dap_response] no scan interval, defaulting to 60 sec.
    [Tue Oct 09 14:46:50.926 2012][libcsd][debug][browser_restore] restoring browser settings.
    [Tue Oct 09 14:46:50.957 2012][libcsd][info][browser_kill] killing browser: iexplore.exe with pid (2400)
    [Tue Oct 09 14:46:50.957 2012][libcsd][info][browser_kill] killing browser: iexplore.exe with pid (6944)
    [Tue Oct 09 14:46:50.957 2012][libcsd][info][browser_kill] killing browser: iexplore.exe with pid (2396)
    [Tue Oct 09 14:46:50.957 2012][libcsd][info][browser_kill] killing browser: iexplore.exe with pid (1436)
    [Tue Oct 09 14:46:50.957 2012][libcsd][info][browser_kill] killing browser: iexplore.exe with pid (532)
    [Tue Oct 09 14:46:50.957 2012][libcsd][debug][restore_ie_history] restoring IE history.

    Windows 8 clientless SSL VPN is officially supported as of 9.0(2) and 9.1(2) codes:
    Clientless SSL VPN: Windows 8 Support: http://www.cisco.com/en/US/docs/security/asa/asa91/release/notes/asarn91.html
    Maybe upgrading your code will fix it...
    Patrick

Maybe you are looking for

  • How to exclude import of RAW?

    How is it possible to not import RAW images if you're importing from a device/card that has images from a supported RAW camera?

  • Redirect to custom url after successful authentication by OAM

    Hello, I need to redirect the user to some custom url instead of original requested url after successful authentication in OAM 11.1.2 (11g release2). The requirement in my case is depending upon the user type and the region(one of the user's ldap att

  • Statement must appear within on Handler

    Ok. So there are a lot of things asking about this already, but I keep getting the "statement must appear within on handler" error when I try to add a gotoAndPlay event to my button...and reading other peoples problems and solutions has not helped me

  • Lastest Flash (16.0.0.305) is installed but Firefox still says I need Flash for most videos. Why?

    I have installed flash multiple times, restarted Firefox, and everything I can think of but every time I come to a page that uses flash player it STILL Says I need Flash player to see the video or whatever is using flash. This has been going on for a

  • Purchasing songs through itunes for Windows

    Hello, I'm trying to purchase songs through Itunes for Windows... I've recently moved, and Itunes hadn't been working for a while but I thought it was just that I needed to pay off my credit card. I have paid off my credit card, and was attempting to