Solved

Determine MAC address via Cisco ASDM

Posted on 2010-09-20
2
1,485 Views
Last Modified: 2012-05-10
Hello,
I am trying to figure out how to block access from a certain remote computer to our network. The client computer sometimes connects via the VPN and sometimes only through Outlook RPC/HTTP.
The user still needs to connect to our network but I only want them to connect through a standard company issued computer they already have, not a personal one.
I tried to find the MAC address on the ASA 5520 using ASDM 6.1 when the client has an open VPN session but it seems that information is not available.
Any other way I can block access to our network from non acceptable computers?
0
Comment
Question by:tolinrome
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 4

Assisted Solution

by:pablomorales
pablomorales earned 50 total points
ID: 33720970
You will not be able to get his MAC address unless he is connected directly to your network. If he is connecting from the internet then you will only see packets with the MAC address of your router.

To prevent your users from using unauthorized computers via VPN you only need to change the group password and don't give it to them. If you keep the group password secret then the users will not be able to setup the client on another machine without autorization. For Outlook RPC/HTTP you will have a harder time preventing the user from connecting using other computers so you may want to force the user to connect to his email account using the VPN and block his account from using Outlook RPC/HTTP.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 200 total points
ID: 33721819
you should consider using SSL based VPN like AnyConnect.
SSL vpn lets you extend the features using Secure Desktop. You can not only ask for a username/password, but you can also interrogate the PC. Are you one of ours? Do you have AntiVirus? Is it one of these versions? Has it been updated within past 72 hours?
You can get crazy with the interrogation, or just a simple test to make sure it is a company laptop, and if not, it can only access certain things. To know if it is one of yours, you can look for a specific file in a specific location, or a specific registry key, among other options.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question