Symptom
AnyConnect on mobile devices cannot establish a VPN to ASA/FTD when HostScan is enabled.
The 'VULNERABLE_INVALID_URL_METHOD' counter increases in the 'show counters' command output.
------------------ show counters ------------------
WebVPN VULNERABLE_INVALID_URL_METHOD 4 Summary
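To confirm the symptom, compare two 'show counters' captures taken before and after a mobile connection attempt. The script below is an added example, not Cisco tooling. It assumes the row layout of the line quoted above (protocol, counter, value, context), and the two captures, including the column header, are constructed sample data.

```python
import re

COUNTER = "VULNERABLE_INVALID_URL_METHOD"
# Row layout assumed from the quoted line: protocol, counter, value, context.
ROW = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\d+)\s+(\S+)\s*$")

def parse_counters(text):
    """Return {(protocol, counter, context): value} from 'show counters' text."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # banner and header lines have no numeric third field; skipped
            proto, name, value, ctx = m.groups()
            rows[(proto, name, ctx)] = int(value)
    return rows

def counter_growth(before, after, protocol="WebVPN", context="Summary"):
    """Growth of VULNERABLE_INVALID_URL_METHOD between two captures.

    Assumptions: a missing row is treated as 0, and a value lower than the
    earlier one means the counters were cleared or the device reloaded, so
    the whole later value is counted as new.
    """
    key = (protocol, COUNTER, context)
    old = parse_counters(before).get(key, 0)
    new = parse_counters(after).get(key, 0)
    return new if new < old else new - old

# Constructed captures; EXAMPLE_OTHER_COUNTER is a placeholder row.
BEFORE = """------------------ show counters ------------------
Protocol  Counter                        Value  Context
WebVPN    EXAMPLE_OTHER_COUNTER             12  Summary
WebVPN    VULNERABLE_INVALID_URL_METHOD      4  Summary
"""
AFTER = BEFORE.replace("VULNERABLE_INVALID_URL_METHOD      4",
                       "VULNERABLE_INVALID_URL_METHOD      9")

if __name__ == "__main__":
    grew = counter_growth(BEFORE, AFTER)
    print(f"{COUNTER} grew by {grew} between captures")
    if grew:
        print("Matches the symptom: check HostScan on the mobile connection profile")
```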
Conditions
ASA/FTD configured for remote access (AnyConnect)
Mobile devices using AnyConnect
HostScan enabled
Workaround
There are two workarounds available:
1) Disable HostScan/Secure Firewall Posture completely
2) Configure a separate Connection Profile with HostScan/Secure Firewall Posture disabled for mobile devices
Further Problem Description
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and determined it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html