02-14-2019 01:45 PM - edited 02-21-2020 09:34 PM
We currently have an ASA 5512 and we are using AnyConnect client for connections. I need to make sure that only the company machines can connect and not any users personal machines. We use Radius and Duo for 2FA. We would prefer to not use certificates if possible.
Thanks,
Ken
02-14-2019 02:43 PM
Hi,
What about using DAP to scan windows reigstry for the Domain Registry key in order to determine the domain membership? Alhough I can anyone could just create the key with the correct entry, a domain issue certificate would be as easy to circumvent.
HTH
02-14-2019 05:37 PM
02-14-2019 09:41 PM
Yes Certicate based authentication also a good option. i have couple of setup done all working as expected.
Hope you have pre-package laptop builds, we setup auto renew every 7days - so security risk can be mitigated.
choose what best option for the coporate policies.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide