Not with the ASA.
You're going to have to look into NAC or ISE.
There are also many non-Cisco products available for control and management of personal wireless devices.
Thanks for the quick response. Can we configure a group policy and a profile and filter from there?
Can we do it as just a VPN users group with more restrictions? We are a Cisco shop and we try to use what we have now.
ISE is the full-featured solution for such protection moving forward. However, depending on how you use your ASA in your environment, you may be able to use CSD and DAP for this. Have a look at the nice video demonstrating the feature:
Hope this helps.
Great video. I see where this could apply in a remote access VPN solution, but what about wireless? Can you think of any ways to integrate this solution into wireless access? I'm just thinking out loud, but maybe create a vendor SSID / controller interface that routes to the ASA for authentication and access into the network.
Does CSD support any other OS besides Windows, Mac, and Linux?
Wireless and other scenarios are where the ISE solution comes to the fore. It does profiling and posture assessment etc.
CSD only supports Windows, OS X and Linux. Reference. What other OS did you have in mind?
Below is a link to the recently published Cisco BYOD 2.0 White Paper:
Also, be on the lookout for the official BYOD 2.0 launch coming in March!
BYOD design guide v1.0 published last year (does not include ISE) has some pertinent info around certificate authentication and remote access VPN.
BYOD Design Guide 1.0:
There seems to be little information around for BYOD from Cisco from what I can see so far.
I'm thinking about using ISE for management and some WLCs on the Internet DMZ with NAC boxes, using NAC for user pages/DHCP scope like a Guest NAC Server.
Can the ISE do what the Clean Access Lite Manager can do? Manage remote NACs, control user pages, DHCP scope, MAC filtering, IP filtering etc.?
My proposal for BYOD internet
SSID for BYOD
MAC filtering (done on ISE if possible)
Internal WLCs with a mobility anchor to Internet DMZ WLC
DMZ NAC (guest type server?)
ISE to manage DMZ NAC like Clean Lite access mgr if possible
to allow limited connectivity like good.com
I need to get Cisco in the office, but any recommendations would be helpful.