Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
605
Views
0
Helpful
3
Replies

Cisco AnyConnect, I need to only allow company machines to have VPN access

KEN COUSINO JR.
Level 1
Level 1

‎02-14-2019 01:45 PM - edited ‎02-21-2020 09:34 PM

We currently have an ASA 5512 and we are using AnyConnect client for connections.  I need to make sure that only the company machines can connect and not any users personal machines.  We use Radius and Duo for 2FA.  We would prefer to not use certificates if possible.

 

Thanks,

Ken

Labels:
0 Helpful
3 Replies 3

Rob Ingram
VIP
VIP

‎02-14-2019 02:43 PM

Hi,

What about using DAP to scan windows reigstry for the Domain Registry key in order to determine the domain membership? Alhough I can anyone could just create the key with the correct entry, a domain issue certificate would be as easy to circumvent.

 

HTH

0 Helpful

KEN COUSINO JR.
Level 1
Level 1
In response to Rob Ingram

‎02-14-2019 05:37 PM

But with DAP you have to use CSD or can you do it without CSD?
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎02-14-2019 09:41 PM

Yes Certicate based authentication also a good option. i have couple of setup done all working as expected.

 

Hope you have pre-package laptop builds, we setup auto renew every 7days - so security risk can be mitigated.

choose what best option for the coporate policies.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents