[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Determine MAC address via Cisco ASDM

Posted on 2010-09-20
2
Medium Priority
?
1,494 Views
Last Modified: 2012-05-10
Hello,
I am trying to figure out how to block access from a certain remote computer to our network. The client computer sometimes connects via the VPN and sometimes only through Outlook RPC/HTTP.
The user still needs to connect to our network but I only want them to connect through a standard company issued computer they already have, not a personal one.
I tried to find the MAC address on the ASA 5520 using ASDM 6.1 when the client has an open VPN session but it seems that information is not available.
Any other way I can block access to our network from non acceptable computers?
0
Comment
Question by:tolinrome
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 4

Assisted Solution

by:pablomorales
pablomorales earned 200 total points
ID: 33720970
You will not be able to get his MAC address unless he is connected directly to your network. If he is connecting from the internet then you will only see packets with the MAC address of your router.

To prevent your users from using unauthorized computers via VPN you only need to change the group password and don't give it to them. If you keep the group password secret then the users will not be able to setup the client on another machine without autorization. For Outlook RPC/HTTP you will have a harder time preventing the user from connecting using other computers so you may want to force the user to connect to his email account using the VPN and block his account from using Outlook RPC/HTTP.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 800 total points
ID: 33721819
you should consider using SSL based VPN like AnyConnect.
SSL vpn lets you extend the features using Secure Desktop. You can not only ask for a username/password, but you can also interrogate the PC. Are you one of ours? Do you have AntiVirus? Is it one of these versions? Has it been updated within past 72 hours?
You can get crazy with the interrogation, or just a simple test to make sure it is a company laptop, and if not, it can only access certain things. To know if it is one of yours, you can look for a specific file in a specific location, or a specific registry key, among other options.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question