10-09-2017 08:54 AM
Hi expert,
ISE is used as the RADIUS server for AnyConnect connections. Is it possible to check whether an AnyConnect PC is a domain computer?
I use an AD domain user for authentication, and created an authorization condition to check for a domain computer and define different rights accordingly. But it doesn't work. I used a domain computer to connect to the AnyConnect VPN successfully, but according to the RADIUS log, the session does not match the condition that checks for a domain computer.
br,
Martin
10-09-2017 10:53 AM
I don't think you will have much luck getting the VPN client to pass in domain computer credentials. You have two ways to handle this typically:
#1 is the method I always use to ensure my Employee VPN is only allowed on corporate owned devices. When you do computer cert authentication on the ASA you have to roll out the XML profile ahead of time with the machine store cert check setting enabled. Otherwise the AnyConnect client can't check the machine cert store.
You would be doing machine cert check on the ASA + AD credential check in ISE.
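An added example, not part of the original reply: a small check that a profile XML pins the client to the machine certificate store before it is rolled out. The element names `CertificateStore` and `CertificateStoreOverride`, the `All` default, and both sample profiles are assumptions based on the standard AnyConnect profile schema; none of them come from this thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample profiles for illustration (not taken from the thread).
PROFILE_MACHINE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <CertificateStore>Machine</CertificateStore>
    <CertificateStoreOverride>true</CertificateStoreOverride>
  </ClientInitialization>
</AnyConnectProfile>"""

PROFILE_DEFAULT = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <CertificateStore>All</CertificateStore>
  </ClientInitialization>
</AnyConnectProfile>"""


def profile_settings(xml_text):
    """Map local element name -> text for every leaf element in the profile."""
    settings = {}
    for el in ET.fromstring(xml_text).iter():
        local = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        if len(el) == 0 and el.text and el.text.strip():
            settings[local] = el.text.strip()
    return settings


def audit_profile(xml_text):
    """Return findings; an empty list means the machine store is pinned."""
    s = profile_settings(xml_text)
    findings = []
    # Assumption: an absent CertificateStore element behaves like "All".
    store = s.get("CertificateStore", "All")
    if store != "Machine":
        findings.append(f"CertificateStore is {store!r}, not 'Machine'")
    # Assumption: the override lets a non-admin user's client read the machine store.
    if s.get("CertificateStoreOverride", "false").lower() != "true":
        findings.append("CertificateStoreOverride is not 'true'")
    return findings


if __name__ == "__main__":
    for name, xml_text in (("machine", PROFILE_MACHINE), ("default", PROFILE_DEFAULT)):
        print(name, audit_profile(xml_text) or "OK")
```
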
05-04-2020 11:40 PM
05-05-2020 03:42 PM
See these examples for both the ASA configuration and the ISE policy configuration elements.
SSL VPN with AnyConnect using Certificate-Based Authentication
ISE Configuration for Anyconnect VPN