Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
958
Views
0
Helpful
1
Replies

ACIDEX attributes for mobile AnyConnect devices

niko
Level 1
Level 1

‎09-30-2020 06:12 AM

Basically, there is a requirement of receiving device-public-mac attribute in order to check the device compliance against MDM based on the MAC address, but even though some of the PCs are sending this attributes, mobile devices are not. It was tested on Android v10 with the latest v4.9.00548 AnyConnect.

Based on the documentation this is possible via ACIDEX attributes, but what are the conditions for sending ACIDEX attributes from AnyConnect client? So far, it looks like platform dependent, but I haven't found any reasonable documentation and there's no definite answer from some of the internal sources as well.

Any experience with this? 

Labels:
0 Helpful
1 Reply 1

SergGu
Level 1
Level 1

‎09-20-2021 11:49 AM

from https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2015/pdf/BRKSEC-3033.pdf

 

AnyConnect Identity Extensions from Mobile Devices
• AnyConnect Mobile (iOS, Android) do not send MAC address – not available through OS API
• Currently ISE uses MAC address as key for Profiling, MDM lookup
0 Helpful
Customers Also Viewed These Support Documents