06-05-2019 11:48 AM - edited 02-21-2020 09:11 AM
Hello!
We have a situation where, for interoffice compliance, we want to regulate what machines can and can't connect to the AnyConnect VPN service. We're advising our employees that they are to only use work computers to connect to the VPN, as some have used personal devices in the past. However, we are looking to control this (or at least monitor this) if possible. As of right now, there is no authentication server, and we're using ASA 5508x devices. Is it a possibility to control the connections, and if not, can we at least monitor what machine is connecting to the network to address it internally if needed? Thanks for any assistance you can give.
06-05-2019 11:54 AM
Are you providing the device to end user to use your corporate laptop?
You do not want any other device to use AnyConnect?
06-05-2019 12:06 PM
Are you providing the device to end user to use your corporate laptop?
- I'm not sure if I understand. They will be using a corporate laptop to connect. We want to either prevent connecting from non-preconfigured laptops, or monitor what computers connect remotely.
You do not want any other device to use AnyConnect?
- Correct - Only the computers we specify that have been preconfigured. We want to prevent other machines from connecting to the VPN.
I know there are some DACL rules you can set, but I'm not incredibly familiar with this setting.
06-05-2019 12:32 PM
Here is the example certificate-based authentication:
06-05-2019 08:37 PM
You can try using the Windows host file to direct non-authorized internal workstations, when they try to connect to the AnyConnect IP, to go to 127.0.0.0.
If you want to monitor who is connected from the ASA side, I would create an EEM script and have it monitor/look for the syslog # of the AnyConnect service when connected, then tag in to call-home; that way it sends (emails) you who just got connected via AnyConnect VPN.
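An added example, not part of any post in this thread: the same monitoring idea done off-box, by parsing ASA syslog that has been forwarded to a log server and listing who connected and from which public address. The message IDs (113039 and 722051) and the line layout are assumptions chosen for this sketch; check them against the output of your own ASA version. These messages carry the username and source IP, not a machine identity, so the report supports follow-up rather than enforcement.

```python
import re
from collections import defaultdict

# Constructed sample lines (hostnames, users and addresses are made up).
SAMPLE_LOG = """\
Jun 05 2019 12:01:10 asa1 : %ASA-6-113039: Group <GroupPolicy_VPN> User <alice> IP <198.51.100.20> AnyConnect parent session started.
Jun 05 2019 12:01:11 asa1 : %ASA-4-722051: Group <GroupPolicy_VPN> User <alice> IP <198.51.100.20> IPv4 Address <10.10.50.11> IPv6 address <::> assigned to session
Jun 05 2019 12:05:00 asa1 : %ASA-6-113039: Group <GroupPolicy_VPN> User <bob> IP <192.0.2.8> AnyConnect parent session started.
Jun 05 2019 12:06:30 asa1 : %ASA-6-302013: Built inbound TCP connection 4411 for outside:192.0.2.8/50000 to inside:10.1.1.5/443
Jun 05 2019 18:40:02 asa1 : %ASA-6-113039: Group <GroupPolicy_VPN> User <alice> IP <203.0.113.77> AnyConnect parent session started.
Jun 05 2019 18:40:03 asa1 : %ASA-4-722051: Group <GroupPolicy_VPN> User <alice> IP <203.0.113.77> IPv4 Address <10.10.50.12> IPv6 address <::> assigned to session
"""

# Assumed layout: "%ASA-<sev>-<id>: Group <g> User <u> IP <public ip> ..."
LINE_RE = re.compile(
    r"%ASA-\d-(?P<id>113039|722051): Group <(?P<group>[^>]*)> "
    r"User <(?P<user>[^>]*)> IP <(?P<public_ip>[^>]*)>(?P<rest>.*)"
)
ASSIGNED_RE = re.compile(r"IPv4 Address <(?P<ip>[^>]*)>")


def parse_events(log_text):
    """Return one dict per AnyConnect session message; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        assigned = ASSIGNED_RE.search(m["rest"])
        events.append({
            "msg_id": m["id"],
            "group": m["group"],
            "user": m["user"],
            "public_ip": m["public_ip"],
            # Only the address-assignment message carries the inside address.
            "assigned_ip": assigned["ip"] if assigned else None,
        })
    return events


def sources_by_user(events):
    """Map each username to the set of public IPs it connected from."""
    seen = defaultdict(set)
    for e in events:
        seen[e["user"]].add(e["public_ip"])
    return dict(seen)


def users_with_multiple_sources(events):
    """Users seen from more than one public IP: a prompt to ask, not proof."""
    return sorted(u for u, ips in sources_by_user(events).items() if len(ips) > 1)


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    for user, ips in sorted(sources_by_user(evts).items()):
        print(user, sorted(ips))
    print("review:", users_with_multiple_sources(evts))
```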