?
Solved

ASA Client locked down by Mac Address

Posted on 2013-12-16
3
Medium Priority
?
509 Views
Last Modified: 2016-11-23
Experts,
We have a third party company based in Europe that needs to log into our production environment to do some off hour work for us.  The way we are planning on accomplishing access for them is through VPN by way of a Dell Wyce Thin Client.

The thin client is running windows 8 and a Cisco ASA VPN client.  Our firewalls are ASA 1500.  My goal is to lock this company down so they can only access our production environment through the thin client.  Is it possible to create a VPN account that locks a user down by Mac Address ?

If not, I would appreciate some suggestions on how I can do this using ASA client /  Firewalls.

Thanks
John
0
Comment
Question by:hexvader
3 Comments
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 1500 total points
ID: 39722658
You can use certificate based login and import the certificate on the thin client but leave the "export" checkbox unticked.

This way the cannot export the certificate to another client.

NOTE: There are "tools" like mimikatz which can export those certificates so it is not 100% safe.
0
 
LVL 58

Expert Comment

by:Pete Long
ID: 39723284
Agreed, Certificates are the best option, it's pretty simple to setup
Securing Cisco SSL VPN's with Certificates

PL
0
 

Author Closing Comment

by:hexvader
ID: 39953742
Although I didn't use Henk's certificate based solution to solve the problem, his idea led me to do more research and I came across a function of my firewalls called Host Scan that allowed me to solve the problem
0

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An article on effective troubleshooting
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question