I have a Cisco ASA 5515 failover pair and a Windows 2008 R2 server that has Network Policy Server installed and uses RADIUS to authenticate Cisco AnyConnect VPN clients.
I am looking for options on how to limit Cisco AnyConnect VPN connections to company laptops.
I considered this (http://www.petenetlive.com/KB/Article/0000335.htm) but understand that Cisco ASA failover pairs cannot be used as local certificate authorities.
My RADIUS server uses the following logic: if a user is a member of the AD security group "VPN Access", they can authenticate. Is it possible to incorporate something similar for computers that are part of the AD domain? Are there any other options I can consider?