Beginner

Restrict AnyConnect access to AD registered machines.

We have AD authentication working well for user authentication of AnyConnect sessions.  We now need to restrict AnyConnect access to ONLY machines registered in AD.  I'm not having any success with this.  What's the best way to do this?

2 REPLIES
Beginner

Hi,

You can try split tunneling. Define a standard ACL which would have only those hosts/subnets and allow it in the group policy which is getting pushed to the users.

Also, you can use a DAP policy to push access to certain hosts.

Hall of Fame Guru


The most common method is to use a Dynamic Access Policy (DAP). That requires that you have AnyConnect Premium and Advanced Endpoint Assessment licenses. If you do, we can refer to the Configuration Guide section on DAP. Typically we search for a registry key that identifies the domain membership.

The other alternative is to issue machine certificates and use the certificate as the first step of a two-factor authentication method. That does not require either of the two licenses I mentioned - only AnyConnect Essentials (although if you have them, that's OK).
