
Stop users from using AnyConnect on their phone?

raun.williams
Level 3

Good evening...

Outside of using Cisco ISE and using up expensive advanced licenses, is there a way to allow users to connect via Cisco AnyConnect on their PC or laptop, but keep them from setting it up on their phone or tablet? I would like to offer two different groups based on the agreed access level: "corporate provided laptop" or "corporate provided laptop and MDM managed personal device". Currently, using the old Cisco VPN client, you had reasonable assurance that if someone didn't have the profile they couldn't set it up on whatever device they wanted. With AnyConnect, it seems hard to limit what devices it can be configured on. My only thought is that by utilizing certificate based authentication, not enabling SCEP on the ASA, the laptop gets its certificate when it's imaged and joins the domain. The personal device gets its certificate through the MDM and its SCEP setup... Has anyone run into this issue?


Thank you,

 

Raun

1 Reply

jsmith7735
Level 1

Raun,

 

I'm not sure if this is still an issue for you, but you may be able to utilize the ASA DAP rules to achieve this. You can configure the Endpoint Attributes and set it equal to AnyConnect Android and set the action to terminate.
