Solved

ASA Client locked down by MAC Address

Posted on 2013-12-16
Last Modified: 2016-11-23
Experts,
We have a third-party company based in Europe that needs to log into our production environment to do some off-hours work for us. The way we are planning on accomplishing access for them is through VPN by way of a Dell Wyse Thin Client.

The thin client is running Windows 8 and a Cisco ASA VPN client. Our firewalls are ASA 1500. My goal is to lock this company down so they can only access our production environment through the thin client. Is it possible to create a VPN account that locks a user down by MAC address?

If not, I would appreciate some suggestions on how I can do this using ASA client /  Firewalls.

Thanks
John
Question by:hexvader
3 Comments
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 500 total points
ID: 39722658
You can use certificate based login and import the certificate on the thin client but leave the "export" checkbox unticked.

This way they cannot export the certificate to another client.

NOTE: There are "tools" like mimikatz which can export those certificates so it is not 100% safe.
0
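Added example, not part of the answer above: a Windows PowerShell audit to run on the thin client after the import, confirming that each client-authentication certificate's private key is marked non-exportable. It assumes the VPN certificate sits in the current user's Personal store; the PFX path in the comment is a placeholder.

```powershell
# Import step for reference (placeholder path). Omitting -Exportable leaves the
# private key marked non-exportable:
#   Import-PfxCertificate -FilePath <path-to-pfx> -CertStoreLocation Cert:\CurrentUser\My -Password $pw

$storePath     = 'Cert:\CurrentUser\My'   # assumption: current user's Personal store
$clientAuthOid = '1.3.6.1.5.5.7.3.2'      # Client Authentication EKU

function Test-KeyExportable {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    try {
        # A PFX export needs the private key, so it throws when the key is
        # non-exportable. The resulting bytes are discarded immediately.
        $null = $Cert.Export(
            [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx,
            'throwaway')
        return $true
    } catch [System.Security.Cryptography.CryptographicException] {
        return $false
    }
}

$report = foreach ($cert in Get-ChildItem -Path $storePath) {
    if (-not $cert.HasPrivateKey) { continue }

    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # A certificate without an EKU extension is valid for any purpose, so keep it.
    if ($eku) {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains $clientAuthOid) { continue }
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Exportable = Test-KeyExportable -Cert $cert
    }
}

$report | Format-Table -AutoSize
if ($report | Where-Object { $_.Exportable }) {
    Write-Warning 'At least one client-auth key is exportable; re-import it without -Exportable.'
}
```

This only verifies the export flag, which the note above already says is not a hard barrier.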
 
LVL 57

Expert Comment

by:Pete Long
ID: 39723284
Agreed, certificates are the best option; it's pretty simple to set up.
Securing Cisco SSL VPN's with Certificates

PL
0
 

Author Closing Comment

by:hexvader
ID: 39953742
Although I didn't use Henk's certificate-based solution to solve the problem, his idea led me to do more research and I came across a function of my firewalls called Host Scan that allowed me to solve the problem.
0
