
Restrict Remote VPN access for MAC OS X Users

Sam Almeida
Level 1

Hi All,

As the title suggests, I need a way to block MAC OS X users from connecting remotely to our corporate users over VPN. I know there is an option to block connections based on VPN client version, but I can't find a way to block users based on operating system.

We use Cisco ASA 5510 firewalls, one with v8.2(1) and the other with v7.2(3). I need to do this on both firewalls. They are both at different sites.

Help would be greatly appreciated.

Thanks,

Sam

1 Accepted Solution


You can match on the Operating System in the Dynamic Access Policies. But there are some restrictions. You need the HostScan-License which only works with the AnyConnect Premium license. And if I remember right, the DAPs were introduced in ASA v8, so the older ASA has to be updated (an update would be a good idea anyway).

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni



Thanks, Karsten, for the reply.

We do not use AnyConnect. We currently have a Remote IPsec connection and have a Security Plus license. Does that cover the HostScan license?

If not, are there any other solutions, maybe ACL-based, etc.?

Thanks

Sam

The hostscan needs AnyConnect, so there is nothing for the IPSec-Client. Also the ACL is not aware of the OS, so that won't work.

Perhaps you can match on the Client-Version >= v5. The MAC-client is only available in version 4.9.


Cool, thanks for your help