Solved

Determine MAC address via Cisco ASDM

Posted on 2010-09-20
Last Modified: 2012-05-10
Hello,
I am trying to figure out how to block access from a certain remote computer to our network. The client computer sometimes connects via the VPN and sometimes only through Outlook RPC/HTTP.
The user still needs to connect to our network, but I only want them to connect through a standard company-issued computer they already have, not a personal one.
I tried to find the MAC address on the ASA 5520 using ASDM 6.1 when the client has an open VPN session, but it seems that information is not available.
Is there any other way I can block access to our network from non-acceptable computers?
Question by:tolinrome
2 Comments
 
LVL 4

Assisted Solution

by:pablomorales
pablomorales earned 50 total points
ID: 33720970
You will not be able to get his MAC address unless he is connected directly to your network. If he is connecting from the internet then you will only see packets with the MAC address of your router.

To prevent your users from using unauthorized computers via VPN you only need to change the group password and not give it to them. If you keep the group password secret then the users will not be able to set up the client on another machine without authorization. For Outlook RPC/HTTP you will have a harder time preventing the user from connecting using other computers, so you may want to force the user to connect to his email account using the VPN and block his account from using Outlook RPC/HTTP.
LVL 79

Accepted Solution

by:lrmoore
lrmoore earned 200 total points
ID: 33721819
You should consider using an SSL-based VPN like AnyConnect.
SSL VPN lets you extend the features using Secure Desktop. You can not only ask for a username/password, but you can also interrogate the PC. Are you one of ours? Do you have AntiVirus? Is it one of these versions? Has it been updated within the past 72 hours?
You can get crazy with the interrogation, or just a simple test to make sure it is a company laptop, and if not, it can only access certain things. To know if it is one of yours, you can look for a specific file in a specific location, or a specific registry key, among other options.
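The posture decision described in the answer above, written out as an added example that is not part of the original answer and is not Cisco Secure Desktop configuration. It models the checks in Python; the marker path, registry key, AV version list and report layout are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Every name and value below is constructed for illustration.
MARKER_FILE = r"C:\ProgramData\ExampleCorp\asset.tag"   # hypothetical marker file
MARKER_REGKEY = r"HKLM\SOFTWARE\ExampleCorp\AssetTag"   # hypothetical registry key
ALLOWED_AV_VERSIONS = {"12.1", "12.2"}                  # hypothetical approved versions
MAX_AV_AGE = timedelta(hours=72)


def evaluate_posture(report, now):
    """Return (access_level, failed_checks) for one endpoint report.

    A missing or malformed attribute counts as a failed check, so an
    endpoint that reports nothing is never given full access.
    """
    failed = []

    # "Are you one of ours?": marker file OR marker registry key is present.
    # Windows paths and key names are case-insensitive, so compare lowercased.
    files = {p.lower() for p in report.get("files", [])}
    regkeys = {k.lower() for k in report.get("registry_keys", [])}
    if MARKER_FILE.lower() not in files and MARKER_REGKEY.lower() not in regkeys:
        failed.append("company_marker")

    # "Do you have AntiVirus? Is it one of these versions?"
    av = report.get("antivirus") or {}
    if av.get("version") not in ALLOWED_AV_VERSIONS:
        failed.append("av_version")

    # "Has it been updated within the past 72 hours?"
    # Reject missing, timezone-naive, future-dated and stale timestamps.
    updated = av.get("last_update")
    fresh = (
        isinstance(updated, datetime)
        and updated.tzinfo is not None
        and timedelta(0) <= now - updated <= MAX_AV_AGE
    )
    if not fresh:
        failed.append("av_freshness")

    # Any failed check limits the session to "certain things" only.
    return ("restricted" if failed else "full"), failed
```
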