Solved

Cisco Anyconnect vpn secure desktop android and ios

Posted on 2014-01-23
4
679 Views
Last Modified: 2014-01-29
I have and ASA 5510.  The starts are as follows.

ASA Version, 9.1(4)

ASDM Version 7.1(5)

Anyconnect client software 3.1.04072

Secure desktop 3.6.6210.

We use the ASA to provide an SSL VPN for company assets that are not on the WAN.  Our current set up incorporates Secure desktop manager to look for a specific reg key on the asset.  If they key is not found on the client it is not allowed to authenticate any further.  

Things look like we are going to be supporting Android and IOS devices soon.  By adding the Mobility License to the ASA Android and IOS devices could download the Anyconnect client and access the VPN.  The kicker is that I'm being asked if the ASA can perform a similar check on Android and IOS.  So far my findings are "no".

With Windows systems there are plenty of options, I'm not finding much for the others.  The Android and IOS devices are to be "company issued devices", so I guess we have some control.  The need is to make sure that only "company issued devices" can access the VPN, or at the very least only the ones we designate for access.

Is this possible with what I have or is it a pipe dream?  Is it possible using something else?



Thanks, keep warm.
0
Comment
Question by:NMHGADM
  • 2
  • 2
4 Comments
 
LVL 10

Accepted Solution

by:
ienaxxx earned 500 total points
ID: 39803139
It is possible, you have to use client* or group certificate in a two factor authentication second tunnel.

Then on the company device, you should install the client* or group certificate issued from your internal CA or a Public CA, by using the standart way.

*If you want you can issue a specific client certificate for each client device and have the ASA check at the trusted CA if the cert is valid (obviously you don't have to install all the certs on the asa, LOL).
0
 
LVL 1

Author Comment

by:NMHGADM
ID: 39803324
So, given the nature of these devices it got me thinking.  And talk of certs helps to back it up.  

I'm probably going to be best served, with a shift in my thinking, to an IPSec connection.  Possibly from a different URL?

It is seeming that using Secure Desktop with a host scan is not going to be the answer.
0
 
LVL 1

Author Closing Comment

by:NMHGADM
ID: 39814977
Best answer given.  It is a great starting point.  Maybe some 3rd party thing will be used.  Unfortunate, I'm given no direction at this point.  Thanks for the start.
0
 
LVL 10

Expert Comment

by:ienaxxx
ID: 39818347
Glad to be of help.
Thank you for points and compliments.
Good Luck for your project.
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Access License Server from 2 locations 4 72
IKEv2 VS  SSTP 4 123
Is banking over coffee-shop wifi SAFE? 16 128
Vpn Server 2012 not working Draytek Vigor 2830 2 24
Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now