cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

61
Views
0
Helpful
1
Replies

AnyConnect DAP and LDAP Question

I am testing a solution and I'm having a hard time wrapping my head around it. 

We have internal and external VPN "customers" - internal obviously having more access than external. Authentication is all done via RSA and keyfob/token.

One issue we run into is that internal customers currently have the option of using their personal PCs to VPN in from wherever, which isn't ideal. So I'm exploring the idea of configuring DAP for specific group policies to check the PC for a file, registry entry, something along those lines, perhaps LDAP group.

What I don't want to do is have the DAP policy apply to the group policies that my external customers use, as they are allowed to use their PCs. Caveat being they aren't as free to roam on the network as internal.

I'm hoping to gather some thoughts from the community here on what would be the best way to go about doing this before I dive headfirst into promising a result.

Thanks!

1 REPLY 1
Cisco Employee

Hey Richard,

Hey Richard,

you can use ldap group as a match criteria and you can then set any check condition like registry check, OS check, etc.

this will be the best way to go about it.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here