ASA Client locked down by Mac Address

Experts,
We have a third party company based in Europe that needs to log into our production environment to do some off hour work for us.  The way we are planning on accomplishing access for them is through VPN by way of a Dell Wyce Thin Client.

The thin client is running windows 8 and a Cisco ASA VPN client.  Our firewalls are ASA 1500.  My goal is to lock this company down so they can only access our production environment through the thin client.  Is it possible to create a VPN account that locks a user down by Mac Address ?

If not, I would appreciate some suggestions on how I can do this using ASA client /  Firewalls.

Thanks
John
hexvaderAsked:
Who is Participating?
 
Henk van AchterbergConnect With a Mentor Sr. Technical ConsultantCommented:
You can use certificate based login and import the certificate on the thin client but leave the "export" checkbox unticked.

This way the cannot export the certificate to another client.

NOTE: There are "tools" like mimikatz which can export those certificates so it is not 100% safe.
0
 
Pete LongTechnical ConsultantCommented:
Agreed, Certificates are the best option, it's pretty simple to setup
Securing Cisco SSL VPN's with Certificates

PL
0
 
hexvaderAuthor Commented:
Although I didn't use Henk's certificate based solution to solve the problem, his idea led me to do more research and I came across a function of my firewalls called Host Scan that allowed me to solve the problem
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.