07-12-2020 07:09 PM
We have an ASA 5510 with version 8.2.5 and device manager version 7.8.2.
We had configured the AAA server (RADIUS server (AD)) as the authentication server. Now we have a requirement to identify whether the VPN user devices (laptop/desktop/mobile) belong to the company or are personal.
That information has to be sent to a remote syslog server.
Is there any way to get this information from RADIUS, or how can we restrict users using personal devices?
07-12-2020 10:59 PM
Not directly via RADIUS.
If you enable the AnyConnect hostscan module and have logging set to informational on the ASA you can gather the information via syslog. If you have AnyConnect Apex licenses you can also create a posture condition to require the client PC be a member of the desired domain.
By the way, an ASA 5510 running 8.2.5 software is VERY long past end of service. Your security would be much better served by a more modern firewall and adoption of features it offers vs trying to modify this old platform.
07-12-2020 11:06 PM
07-13-2020 05:05 AM
Sorry - I just checked the configuration guides and it looks like AnyConnect Posture and Hostscan require at least ASA 8.4.
Reference:
So you won't be able to do this on your very old 5510 running 8.2. Yet another reason to get something more modern.