
Anyconnect Users endpoint Machine Scanning

Hi Everyone,

 

Can anyone let me know whether I can authorize a user to connect with the AnyConnect client VPN where the ASA checks the user's machine registry value/key using the HostScan feature or ISE? Below is my scenario.

I am setting up a lab where my users authenticate using 2FA, i.e. the first phase of authentication, where the user enters credentials specified in AD/ISE, and then a third-party application, i.e. Innefu, using OTP/SMS. Even if these steps are fulfilled, the user's machine will then be checked for a registry value/key using HostScan or ISE to authorize the user to establish the AnyConnect client VPN.

 

Any help will be appreciated.

 

 

3 Replies

Hi,
Yes, if you are using ISE with Posture configured, make a registry value a requirement of the posture policy. The user will authenticate using 2FA, then run posture. If the registry value does or does not exist, the user will be authorized appropriately.

HTH

Hi Rji,

Thanks for your help.

As every machine has a different registry key, on what basis will ISE do posturing?

 

 

If the computer is joined to the domain there will be a registry value under: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain". Create a registry entry to match the "Domain" value, which only your domain-joined computers should have.

Or, if your domain computers have a specific application installed, find its registry location and create a registry entry for it. Alternatively, create a condition for an application or a file that only exists on the computer.
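
The registry condition suggested in the last reply can be checked locally on a test endpoint before it is enforced in a posture policy. The PowerShell below is an added example, not part of the thread and not Cisco tooling; the domain `corp.example.com` and the function name `Test-DomainRegistryValue` are assumptions. It treats a `Domain` value that exists but is empty as non-compliant, which is why the condition should match the value's data rather than only test that the value exists.

```powershell
# Added example: evaluate the "Domain" registry condition locally.
param(
    # Assumed placeholder; replace with your AD DNS domain name.
    [string]$ExpectedDomain = 'corp.example.com'
)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$ValueName = 'Domain'

function Test-DomainRegistryValue {
    param([string]$Path, [string]$Name, [string]$Expected)

    # Key missing entirely: report non-compliant instead of throwing.
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Compliant = $false; Reason = 'key not found'; Actual = $null }
    }

    # When the value is absent, Get-ItemProperty errors and returns nothing.
    $item   = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.$Name } else { $null }

    if ($null -eq $actual) {
        return [pscustomobject]@{ Compliant = $false; Reason = 'value not found'; Actual = $null }
    }

    # The value can exist with empty data, so existence alone proves nothing.
    if ([string]::IsNullOrWhiteSpace($actual)) {
        return [pscustomobject]@{ Compliant = $false; Reason = 'value is empty'; Actual = $actual }
    }

    # Domain names are case-insensitive, so compare with -ieq.
    $match  = $actual.Trim() -ieq $Expected
    $reason = if ($match) { 'value matches expected domain' } else { 'value differs from expected domain' }
    return [pscustomobject]@{ Compliant = $match; Reason = $reason; Actual = $actual }
}

$result = Test-DomainRegistryValue -Path $KeyPath -Name $ValueName -Expected $ExpectedDomain
$result | Format-List

# Exit code lets the check be used from a deployment or inventory script.
if ($result.Compliant) { exit 0 } else { exit 1 }
```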