AnyConnect DAP and LDAP Question

I am testing a solution and I'm having a hard time wrapping my head around it. 

We have internal and external VPN "customers" - internal obviously having more access than external. Authentication is all done via RSA and keyfob/token.

One issue we run into is that internal customers currently have the option of using their personal PCs to VPN in from wherever, which isn't ideal. So I'm exploring the idea of configuring DAP for specific group policies to check the PC for a file, registry entry, something along those lines, perhaps LDAP group.

What I don't want to do is have the DAP policy apply to the group policies that my external customers use, as they are allowed to use their PCs. Caveat being they aren't as free to roam on the network as internal.

I'm hoping to gather some thoughts from the community here on what would be the best way to go about doing this before I dive headfirst into promising a result.

Thanks!

1 Reply

pjain2
Cisco Employee

Hey Richard,

You can use an LDAP group as a match criterion, and you can then set any check condition like a registry check, OS check, etc.

This will be the best way to go about it.