cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
490
Views
0
Helpful
2
Replies
tinhnho123
Beginner

Cisco AnyConnect VPN question

Hi Guys,

 

We have Cisco FTD/FMC AnyConnect VPN up and running for 150 full-time staff for over a year, the staff have company's laptops, these laptops are fully joined the company's AD domain and fully windows patched and also have anti-virus installed monthly if not weekly.

 

We just hired 20 contractors, the contractors don't have company laptops but they have their own laptops and need access to our AnyConnect VPN. We'd like to give them access to our VPN but we need to make sure their laptops meet our security requirement (windows patches, anti-virus, anti-malware software installed...etc.) otherwise they will get denied access. Are there ways that Cisco AnyConnect VPN can check the end hosts for security requirements before authentication happened?

 

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Rob Ingram
VIP Mentor

@tinhnho123 

No natively in FMC, currently the only option is using Cisco ISE as well for authorization and posturing.

 

The users would connect to the VPN in a posture unknown state with limited access, posture checks would be run to determine (patches, AV, AM, registry values etc) and if compliant granted full/additional access to the network.

 

Reference:-

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215236-ise-posture-over-anyconnect-remote-acces.html

View solution in original post

2 REPLIES 2
Rob Ingram
VIP Mentor

@tinhnho123 

No natively in FMC, currently the only option is using Cisco ISE as well for authorization and posturing.

 

The users would connect to the VPN in a posture unknown state with limited access, posture checks would be run to determine (patches, AV, AM, registry values etc) and if compliant granted full/additional access to the network.

 

Reference:-

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215236-ise-posture-over-anyconnect-remote-acces.html

View solution in original post

@Rob Ingram Thanks sir!

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: pxGrid (38%)

Content for Community-Ad