
AnyConnect using AAA (Radius) authentication

Murugank
Level 1

We have an ASA 5510 with version 8.2.5 and device manager version 7.8.2.

We had configured the AAA (Radius server (AD)) server as the authentication server. Now we have a requirement to identify whether the VPN user devices (laptop/desktop/mobile) belong to the company or are personal.

That information has to be sent to a remote syslog server.

Is there any way to get this information from Radius, or how can we restrict users using personal devices?


3 Replies

Marvin Rhoads
Hall of Fame

Not directly via RADIUS.

If you enable the AnyConnect hostscan module and have logging set to informational on the ASA you can gather the information via syslog. If you have AnyConnect Apex licenses you can also create a posture condition to require the client PC be a member of the desired domain.

By the way an ASA 5510 running 8.2.5 software is VERY long past end of service. Your security would be much better served by a more modern firewall and adoption of features it offers vs trying to modify this old platform.

Marvin,

Thank you for the information.
How do I install the hostscan module on the ASA 5510, and how do I check whether an AnyConnect Apex license exists on the firewall?

Sorry - I just checked the configuration guides and it looks like AnyConnect Posture and Hostscan require at least ASA 8.4.

Reference:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/configuration/vpn/asa-914-vpn-config/vpn-hostscan.html

So you won't be able to do this on your very old 5510 running 8.2. Yet another reason to get something more modern.
