AnyConnect Machine Info Gathering?

Aa4222282
Level 1

We have Cisco AnyConnect set up without any device/cert authentication. In trying to lock down AnyConnect further, I'd like to work with our network engineer to pull information on usage: how many people are using AnyConnect on non-company-issued laptops. Is there any way to gather logs from the ASA that show the machine name or other machine details of the connecting client?

 

Thanks! 

1 Reply

Panos Bouras
Level 1

Hi,

 

I believe that your best bet is to use ISE to do posturing or chaining.

AnyConnect provides the following info via ACIDex; I found them limited:

AnyConnect Identity Extensions (ACIDex) for Non-Mobile Platforms 

There might be a way to use internal CA certificates for VPN authentication so as to ensure which user is using a corporate endpoint.

 

Also check this thread:

https://community.cisco.com/t5/identity-services-engine-ise/validating-anyconnect-identity-extensions-acidex-attributes/td-p/3567472

Thank you, Panos.
Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies