Solved

Cisco ASA 5540 - Anyconnect access to particular devices only

Posted on 2014-07-21
2
543 Views
Last Modified: 2014-07-22
Hello all -

Is it possible to use the Cisco ASA 5540 to block a user from coonecting via VPN using an IPAD but still allow his Windows laptop to connect?

Any advice would be great.

Thanks

J. Meza
0
Comment
Question by:CocoCounty
2 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 40211630
There is Host Scan supported by Cisco Anyconnect that does a prelogin assessment checks for the following on the remote endpoint. These authentication data gathered can serves as the prelogin policy and Host Scan results, to apply a dynamic access policy (DAP) to the session.

–      Operating system
–      Presence or absence of any files you specify.
–      Presence or absence of any registry keys you specify. This check applies only if the computer is running Microsoft Windows.
–      Presence of any digital certificates you specify. This check also applies only if the computer is running Microsoft Windows.
–      IP address within a range you specify.

Starting with Cisco AnyConnect Secure Mobility Client Version 3.1, you can do posture assessment using HostScan. . It requires both the Cisco Adaptive Security Appliance and Cisco AnyConnect Secure Mobility Client. It is licensed through the Cisco AnyConnect Premium license. I did not manage to find any specific on 5540 but you can check this  5500-X example on using Lua expression to track specific mobile devices by their unique identifiers (UIDs). There are more other DAP example that cna be useful info for the lockdown checks

useful to check on more in Cisco AnyConnect Secure Mobility Solution FAQ
0
 

Author Comment

by:CocoCounty
ID: 40212466
Breadtan

Thanks for the information, I will start looking into it.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
firewall inside of network 9 67
PCAnywhere 2 58
SQL Server Communications Audit 5 31
nipper studio 2 5
In every aspect, security is essential for your business, and for that matter you need to always keep an eye on it. The same can be said about your computer network system too. Your computer network is prone to various malware and security threats t…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now