
Restrict VPN to certain computers

info0000102
Level 1

Hello! 

 

We have a situation where, for interoffice compliance, we want to regulate what machines can and can't connect to the AnyConnect VPN service.  We're advising our employees that they are to only use work computers to connect to the VPN, as some have used personal devices in the past.  However, we are looking to control this (or at least monitor this) if possible.  As of right now, there is no authentication server, and we're using ASA 5508x devices.  Is it a possibility to control the connections, and if not, can we at least monitor what machine is connecting to the network to address it internally if needed? Thanks for any assistance you can give. 

4 Replies

balaji.bandi
Hall of Fame

Are you providing the device to the end user to use your corporate laptop?

 

You do not want any other device to use AnyConnect?

BB


Are you providing the device to the end user to use your corporate laptop?

- I'm not sure if I understand. They will be using a corporate laptop to connect. We want to either prevent connecting from non-preconfigured laptops, or monitor what computers connect remotely.  

 

You do not want any other device to use AnyConnect?

- Correct - Only the computers we specify that have been preconfigured. We want to prevent other machines from connecting to the VPN. 

 

I know there are some DACL rules you can set, but I'm not incredibly familiar with this setting.  

You can try using the Windows host file to direct non-authorized internal workstations, when they try to connect to the AnyConnect IP, to go to 127.0.0.0.

If you want to monitor who is connected from the ASA side, I would create an EEM script and have it monitor/look for the syslog # of the AnyConnect service when connected, then tag in to call-home so that it sends (emails) you who just got connected via AnyConnect VPN.
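
The monitoring idea in the reply above, done on a syslog collector rather than on the ASA, as an added example that is not part of the original thread. It assumes the ASA forwards syslog to a host and that session lines have the shape of ASA messages 113039 and 722051; the log lines, group name, users and addresses are constructed. These messages identify the user and source IP, not the machine itself.

```python
import re

# Constructed sample lines shaped like ASA messages 113039 and 722051.
SAMPLE_LOG = """\
Mar 04 08:01:12 asa1 %ASA-6-113039: Group <GP-Staff> User <alice> IP <198.51.100.23> AnyConnect parent session started.
Mar 04 08:01:13 asa1 %ASA-4-722051: Group <GP-Staff> User <alice> IP <198.51.100.23> IPv4 Address <10.20.0.11> IPv6 address <::> assigned to session
Mar 04 08:05:40 asa1 %ASA-6-302013: Built inbound TCP connection 4711 for outside:203.0.113.9/51515 (203.0.113.9/51515) to inside:10.0.0.5/443 (10.0.0.5/443)
Mar 04 09:30:02 asa1 %ASA-6-113039: Group <GP-Staff> User <bob> IP <203.0.113.77> AnyConnect parent session started.
Mar 04 09:30:03 asa1 %ASA-4-722051: Group <GP-Staff> User <bob> IP <203.0.113.77> IPv4 Address <10.20.0.12> IPv6 address <::> assigned to session
Mar 04 19:44:51 asa1 %ASA-6-113039: Group <GP-Staff> User <alice> IP <192.0.2.200> AnyConnect parent session started.
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s.*?%ASA-\d-(?P<msgid>113039|722051):\s"
    r"Group <(?P<group>[^>]*)> User <(?P<user>[^>]*)> IP <(?P<public_ip>[^>]*)>"
    r"(?:\sIPv4 Address <(?P<vpn_ip>[^>]*)>)?"
)

def parse_anyconnect_events(text):
    """Return one dict per session-start (113039) or address-assignment (722051) line."""
    return [m.groupdict() for m in map(EVENT_RE.search, text.splitlines()) if m]

def build_sessions(events):
    """Merge each 722051 address assignment into the session opened by 113039."""
    sessions = []
    for ev in events:
        if ev["msgid"] == "113039":
            sessions.append({"start": ev["ts"], "user": ev["user"], "group": ev["group"],
                             "public_ip": ev["public_ip"], "vpn_ip": None})
            continue
        # 722051: attach to the newest session of the same user and source IP
        for s in reversed(sessions):
            if (s["user"], s["public_ip"]) == (ev["user"], ev["public_ip"]) and s["vpn_ip"] is None:
                s["vpn_ip"] = ev["vpn_ip"]
                break
    return sessions

def format_alert(s):
    """One notification line per login, suitable for mailing or a ticket."""
    return (f"{s['start']} VPN login user={s['user']} group={s['group']} "
            f"from={s['public_ip']} assigned={s['vpn_ip'] or 'pending'}")

if __name__ == "__main__":
    for session in build_sessions(parse_anyconnect_events(SAMPLE_LOG)):
        print(format_alert(session))
```
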
