Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ASA Client locked down by Mac Address

Posted on 2013-12-16
3
Medium Priority
?
503 Views
Last Modified: 2016-11-23
Experts,
We have a third party company based in Europe that needs to log into our production environment to do some off hour work for us.  The way we are planning on accomplishing access for them is through VPN by way of a Dell Wyce Thin Client.

The thin client is running windows 8 and a Cisco ASA VPN client.  Our firewalls are ASA 1500.  My goal is to lock this company down so they can only access our production environment through the thin client.  Is it possible to create a VPN account that locks a user down by Mac Address ?

If not, I would appreciate some suggestions on how I can do this using ASA client /  Firewalls.

Thanks
John
0
Comment
Question by:hexvader
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 1500 total points
ID: 39722658
You can use certificate based login and import the certificate on the thin client but leave the "export" checkbox unticked.

This way the cannot export the certificate to another client.

NOTE: There are "tools" like mimikatz which can export those certificates so it is not 100% safe.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 39723284
Agreed, Certificates are the best option, it's pretty simple to setup
Securing Cisco SSL VPN's with Certificates

PL
0
 

Author Closing Comment

by:hexvader
ID: 39953742
Although I didn't use Henk's certificate based solution to solve the problem, his idea led me to do more research and I came across a function of my firewalls called Host Scan that allowed me to solve the problem
0

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question