12-02-2016 07:02 AM
I was wondering whether it is possible to have a capability similar to MS DirectAccess, where a client Windows computer would automatically detect corporate network connectivity and, if not found, raise a VPN tunnel before logon using computer certificate authentication?
With AnyConnect being such a mature product, I would be surprised if this is not possible.
12-02-2016 10:56 AM
Hi Diegovas,
If I am not wrong, you are looking for a functionality where the laptop connects immediately to the corporate network if it detects a non-corporate network. Please correct me if I am wrong.
If you are looking for what I just said, then you need to configure "Trusted Network Detection", and in this case AnyConnect will immediately connect to the corporate network. You can refer to this link to get this configured on your ASA.
Link: http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31/ac06websecurity.html#pgfId-1109158
Let me know if this helps.
Thanks,
Vishnu
Please rate helpful posts.
12-02-2016 11:03 AM
Thank you, this is exactly the kind of network detection that I was looking for! Would a VPN client configured in this manner connect even before user logon, and if so, could it authenticate using a computer certificate only?
Thanks again!
12-02-2016 11:45 AM
Hi,
You cannot make it work without certificates. The only other way available to authenticate is by using a username and password, and it needs manual intervention, which defeats the purpose of TND.
I hope this answers your query.
Thanks,
Vishnu
12-02-2016 12:24 PM
Thanks, the meaning of my question was if it can authenticate using the computer certificate ONLY, so from your answer I am guessing yes? What about connect before logon?
12-02-2016 01:28 PM
One more option you can use is "Always On" VPN, where the user connects automatically as soon as the user logs in to the computer. I shared this to answer your question about the query to connect VPN before the user can log on.
Refer to this link: http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/ac03vpn.pdf#page19
I am sure this will help you answer your question.
Thanks,
Vishnu
Please rate helpful posts!!
04-26-2017 07:49 AM
I'd like to bring this back:
Can you enable always on VPN without the use of certificates and only through machine authentication?
I have a customer looking for a solution that provides automatic VPN connections (without any user interaction) and that does not require the use of certificates.
Thanks,
Tina