• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1128
  • Last Modified:

Restrict VPN access based on computer name

We have a Cisco ASA that has VPN support.  Currently it authenticates via RADIUS based on the users domain user/password.  What we would like to do is also restrict access based on computer name so that users can only connect with corporate owned comptuers.  As such these computers would be a member of "domain computers".  For example if Jill Smith has a corporate laptop, she should be able to VPN from her house using the corporate laptop, but not using her personal computer.  Additionally we would like to be able to make a couple of exceptions for certain users such as the company owner.  I don't really want to have a rule that says "owner can connect with any computer" but rather have the ASA authenticate via the Domain Computers group and a custom list someplace where the connecting computer must be a member of one of those lists.
Any help with this will be greatly appreciated.
1 Solution
You can get an Advanced Endpoint Assessment License that provides you with many options as to how to recognize a computer, how to recognize whether it is a corporate or personal, whether it has updated anti-virus, etc before you allow it to connect.
The base Secure Desktop Manager will give you many of these capabilities, just not as fine of control.
It only works with SSL VPN access
Using the Registry or File criteria, you can specify a registry setting that identifies the computer as a domain member, or a specific file that identifies it as a corporate owned computer.

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now