How to make sure only corporate machines are allowed to go inside the corporate network using Cisco ASA 4110?

Jhon2
Level 1

Hi,

Does anyone know how to make sure only corporate machines are allowed to go inside the corporate network using Cisco ASA 4110, and how to stop personal machines from going inside?


Thanks! 


Hi Jhon

I think you are looking for Cisco Trustsec, please see the following link and let us know if it is what you need.

https://www.ciscolive.com/c/dam/r/ciscolive/apjc/docs/2016/pdf/BRKCRS-2891.pdf

 

Regards.

>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<

Thanks for your kind assistance @Julio E. Moisa

Hi Julio,

Thanks for your answer.

But I will try to be more specific in my question by giving you some more context:

As I wrote before, the scenario is a CISCO ASA 4110 as VPN concentrator, the Cisco AnyConnect Secure Mobility Client and an MFA to give users access to the corporate network. The problem is:

How to make sure only corporate machines are allowed inside the corporate network, if users are using valid LDAP credentials and the clients (AnyConnect and MFA) are installed on personal computers, allowing non-corporate machines to get inside the intranet (actually they can)?

Is there any special policy/attribute we can use on the CISCO ASA 4110 in conjunction with LDAP to validate that only the corporate machines assigned to a valid LDAP user can authenticate and get inside the network?

I was reading in the manual asa-95-vpn-config.pdf about a possible solution scenario like this:

> Enforce Logon Hours and Time-of-Day Rules
>
> The following example shows how to configure and enforce the hours that a clientless SSL user (such as a business partner) is allowed to access the network.
>
> On the AD server, use the Office field to enter the name of the partner, which uses the physicalDeliveryOfficeName attribute. Then we create an attribute map on the ASA to map that attribute to the Cisco attribute Access-Hours. During authentication, the ASA retrieves the value of physicalDeliveryOfficeName and maps it to Access-Hours.

Is this last one an alternative, or do we need another component to limit personal computers that use valid credentials and clients?

Thanks in advance!

You can use a Dynamic Access Policy (DAP) to check the value of various attributes on the remote PC, including things such as a registry key that identifies it as a domain-joined computer. That's a 7.0 feature.

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/relnotes/firepower-release-notes-700/features.html#Cisco_Concept.dita_4fafcd80-18a7-4ffc-9d80-ba1fbd412f6b

You could also issue machine certificates and use that as one of several means of authentication. i.e., machine certificate plus username/password (LDAP, with MFA enforcement).

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/firepower_threat_defense_remote_access_vpns.html#id_login_via_clientcert_aaa
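The second approach Marvin describes (machine certificate plus LDAP credentials) looks roughly like the following on an appliance running the ASA image. This is an illustrative configuration added here as an example; it is not taken from the thread or from Cisco's documentation, and the trustpoint, AAA server group, tunnel-group and group-policy names, the LDAP host address, the DNs and the issuer CN are all assumed placeholders:

```cisco
! --- Example only; names, addresses and DNs below are assumptions ---

! 1. Trust the corporate issuing CA that signs MACHINE certificates.
!    Only this trustpoint should be used for client-cert validation, so
!    a certificate from any other CA (e.g. a personal PC) is rejected.
crypto ca trustpoint CORP-MACHINE-CA
 enrollment terminal
crypto ca authenticate CORP-MACHINE-CA
! (paste the CA's PEM certificate when prompted)

! 2. The LDAP (AD) server group that supplies the username/password factor.
aaa-server LDAP-CORP protocol ldap
aaa-server LDAP-CORP (inside) host 10.0.0.10
 ldap-base-dn dc=corp,dc=example,dc=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn cn=svc-asa,ou=Service Accounts,dc=corp,dc=example,dc=com
 ldap-login-password <placeholder>
 server-type microsoft

! 3. Require BOTH factors on the remote-access tunnel group:
!    a certificate chaining to CORP-MACHINE-CA *and* AAA credentials.
tunnel-group CORP-VPN type remote-access
tunnel-group CORP-VPN general-attributes
 authentication-server-group LDAP-CORP
 default-group-policy CORP-GP
tunnel-group CORP-VPN webvpn-attributes
 authentication aaa certificate
 group-alias CORP enable

! 4. Steer only certificates issued by the corporate CA into that tunnel group.
crypto ca certificate map CORP-MACHINE 10
 issuer-name attr cn eq Corp Issuing CA
webvpn
 certificate-group-map CORP-MACHINE 10 CORP-VPN
```

The certificate factor proves the endpoint holds a private key that the corporate CA issued into that machine's certificate store, while the LDAP/MFA factor proves the user; a personal laptop with perfectly valid user credentials never gets past the certificate step. The DAP registry-key check from the first paragraph is configured separately (in the policy UI) and is not shown here.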

Thanks a lot Marvin!

Both answers sound great, I'll try both of them and give my comments.

Regards,

Jhon.
