AnyConnect MFA

abhijith891
Level 1

Hi All,

We have a simple AnyConnect structure in our environment where AnyConnect users are getting authenticated against AD for registered laptops. However, recently we could see some of our employees are trying to access our internal networks via AnyConnect on unregistered BYODs; so far none have been successful. So here are my queries:

1) Is it possible to access internal networks via AnyConnect on unregistered BYODs? If yes, how? And what are the workarounds for it?

2) What are some of the best MFA mechanisms which can be used with AnyConnect in the market today?

3 Replies

Dennis Mink
VIP Alumni

Check this post:

https://community.cisco.com/t5/security-documents/configure-two-factor-authentication-on-asa-for-cisco-anyconnect/ta-p/3403768

Can use Symantec VIP, Duo and a few others.

Please remember to rate useful posts, by clicking on the stars below.

Marvin Rhoads
Hall of Fame

Are you talking about AnyConnect Network Access Module (NAM) vs the VPN client?

Rahul Govindan
VIP Alumni

1) AnyConnect, by default, does not restrict which device a user can connect from. If you want to restrict AnyConnect to only corporate machines, you can use the Hostscan/DAP/Posture functionality to only allow Domain machines to connect successfully.

Example:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115947-dap-adv-functions-00.html#anc21

2) I think @Dennis Mink mentioned a few of them. Duo is now part of Cisco, and works well in my experience. Example guides are here:

https://duo.com/docs/cisco

 
