Solved: RA VPN Client restriction using MAC address - Cisco Community

1394

Views

0

Helpful

2

Replies

I want to restrict RA VPN access to firewall based on MAC address of the client.Basically we want to only allow remote users connect with their work laptop and not from their home PC for instance. I am using 8.4 ASA5510.

If such option is available please also share the link of how to configure it?

I have read few blogs,they say it cannot be done,but we can use Certificate based authentication and map MAC address to Certificate. If this is how it works,can you provide a link of how to configure it ?

1 Accepted Solution

Accepted Solutions

You could use Dynamic Access Policies and match on the MAC address and then specify what happens when a match is made...or not matched.

http://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/4-1/user/guide/CSMUserGuide_wrapper/ravpnpag.html#wp41993

here is a deployment guide:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/108000-dap-deploy-guide.html

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

2 Replies 2

Anyone,please suggest on this.I need it ASAP

You could use Dynamic Access Policies and match on the MAC address and then specify what happens when a match is made...or not matched.

http://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/4-1/user/guide/CSMUserGuide_wrapper/ravpnpag.html#wp41993

here is a deployment guide:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/108000-dap-deploy-guide.html

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts