NMHGADM
asked on
Cisco Anyconnect vpn secure desktop android and ios
I have and ASA 5510. The starts are as follows.
ASA Version, 9.1(4)
ASDM Version 7.1(5)
Anyconnect client software 3.1.04072
Secure desktop 3.6.6210.
We use the ASA to provide an SSL VPN for company assets that are not on the WAN. Our current set up incorporates Secure desktop manager to look for a specific reg key on the asset. If they key is not found on the client it is not allowed to authenticate any further.
Things look like we are going to be supporting Android and IOS devices soon. By adding the Mobility License to the ASA Android and IOS devices could download the Anyconnect client and access the VPN. The kicker is that I'm being asked if the ASA can perform a similar check on Android and IOS. So far my findings are "no".
With Windows systems there are plenty of options, I'm not finding much for the others. The Android and IOS devices are to be "company issued devices", so I guess we have some control. The need is to make sure that only "company issued devices" can access the VPN, or at the very least only the ones we designate for access.
Is this possible with what I have or is it a pipe dream? Is it possible using something else?
Thanks, keep warm.
ASA Version, 9.1(4)
ASDM Version 7.1(5)
Anyconnect client software 3.1.04072
Secure desktop 3.6.6210.
We use the ASA to provide an SSL VPN for company assets that are not on the WAN. Our current set up incorporates Secure desktop manager to look for a specific reg key on the asset. If they key is not found on the client it is not allowed to authenticate any further.
Things look like we are going to be supporting Android and IOS devices soon. By adding the Mobility License to the ASA Android and IOS devices could download the Anyconnect client and access the VPN. The kicker is that I'm being asked if the ASA can perform a similar check on Android and IOS. So far my findings are "no".
With Windows systems there are plenty of options, I'm not finding much for the others. The Android and IOS devices are to be "company issued devices", so I guess we have some control. The need is to make sure that only "company issued devices" can access the VPN, or at the very least only the ones we designate for access.
Is this possible with what I have or is it a pipe dream? Is it possible using something else?
Thanks, keep warm.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Best answer given. It is a great starting point. Maybe some 3rd party thing will be used. Unfortunate, I'm given no direction at this point. Thanks for the start.
Glad to be of help.
Thank you for points and compliments.
Good Luck for your project.
Thank you for points and compliments.
Good Luck for your project.
ASKER
I'm probably going to be best served, with a shift in my thinking, to an IPSec connection. Possibly from a different URL?
It is seeming that using Secure Desktop with a host scan is not going to be the answer.