AnyConnect Essential Domain Pre-Check

CompuVision Admin · ‎08-29-2012

I know this can be done with Host Scan or Secure Desktop but unfortunetaly we only have an AnyConnect essentials icense and just can't justify the cost for Premium given our needs.

I would however like to only allow AnyConnect connections from company assets, aka joined to our domain. Can anyone think of a way to do this without AnyConnect Premium licenses. We just don't need all the additional functionality and cost that the premium license brings at this stage.

Karsten Iwen · ‎08-29-2012

Certificate-based authentication is one way you could go.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Tarik Admani · ‎08-29-2012

You should be able to use essentails since premium is required for remediation. You can set the registry key in the host scan settings and map that to a dap policy, here is the path for the registry setting that should let you know if the client is a member of your domain:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain

Thanks,

Tarik Admani
*Please rate helpful posts*

Karsten Iwen · ‎08-29-2012

Premium ia also needed for Endpoint Assessment:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/feature/guide/anyconnect30features.html#wp43970

Sent from Cisco Technical Support iPad App

Tarik Admani · ‎08-29-2012

Karsten,

Thanks for catching this, I was thinking advance endpoint assessment (and not premium). Sorry for the wrong info...

Thanks,

Tarik Admani