08-29-2012 08:58 AM - edited 02-21-2020 06:18 PM
I know this can be done with Host Scan or Secure Desktop but unfortunetaly we only have an AnyConnect essentials icense and just can't justify the cost for Premium given our needs.
I would however like to only allow AnyConnect connections from company assets, aka joined to our domain. Can anyone think of a way to do this without AnyConnect Premium licenses. We just don't need all the additional functionality and cost that the premium license brings at this stage.
08-29-2012 09:02 AM
Certificate-based authentication is one way you could go.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
08-29-2012 08:35 PM
You should be able to use essentails since premium is required for remediation. You can set the registry key in the host scan settings and map that to a dap policy, here is the path for the registry setting that should let you know if the client is a member of your domain:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain
Thanks,
Tarik Admani
*Please rate helpful posts*
08-29-2012 11:46 PM
Premium ia also needed for Endpoint Assessment:
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/feature/guide/anyconnect30features.html#wp43970
Sent from Cisco Technical Support iPad App
08-29-2012 11:59 PM
Karsten,
Thanks for catching this, I was thinking advance endpoint assessment (and not premium). Sorry for the wrong info...
Thanks,
Tarik Admani
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide