Solved

Cisco ASA 5540 - Anyconnect access to particular devices only

Posted on 2014-07-21
2
561 Views
Last Modified: 2014-07-22
Hello all -

Is it possible to use the Cisco ASA 5540 to block a user from coonecting via VPN using an IPAD but still allow his Windows laptop to connect?

Any advice would be great.

Thanks

J. Meza
0
Comment
Question by:CocoCounty
2 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40211630
There is Host Scan supported by Cisco Anyconnect that does a prelogin assessment checks for the following on the remote endpoint. These authentication data gathered can serves as the prelogin policy and Host Scan results, to apply a dynamic access policy (DAP) to the session.

–      Operating system
–      Presence or absence of any files you specify.
–      Presence or absence of any registry keys you specify. This check applies only if the computer is running Microsoft Windows.
–      Presence of any digital certificates you specify. This check also applies only if the computer is running Microsoft Windows.
–      IP address within a range you specify.

Starting with Cisco AnyConnect Secure Mobility Client Version 3.1, you can do posture assessment using HostScan. . It requires both the Cisco Adaptive Security Appliance and Cisco AnyConnect Secure Mobility Client. It is licensed through the Cisco AnyConnect Premium license. I did not manage to find any specific on 5540 but you can check this  5500-X example on using Lua expression to track specific mobile devices by their unique identifiers (UIDs). There are more other DAP example that cna be useful info for the lockdown checks

useful to check on more in Cisco AnyConnect Secure Mobility Solution FAQ
0
 

Author Comment

by:CocoCounty
ID: 40212466
Breadtan

Thanks for the information, I will start looking into it.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question