
Connect before logon AND Computer Cert Authentication?

diegovas
Level 1

I was wondering if it is possible to have a capability similar to MS DirectAccess, where a client Windows computer would automatically detect corporate network connectivity and, if not found, raise a VPN tunnel before logon using Computer certificate authentication?

With AnyConnect being such a mature product, I would be surprised if this is not possible.

6 Replies

Vishnu Sharma
Level 1

Hi Diegovas,

If I am not wrong, you are looking for functionality where the laptop connects immediately to the corporate network if it detects a non-corporate network. Please correct me if I am wrong.

If you are looking for what I just said, then you need to configure "Trusted Network Detection", and in this case AnyConnect will immediately connect to the corporate network. You can refer to this link to get this configured on your ASA.

Link: http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31/ac06websecurity.html#pgfId-1109158

Let me know if this helps.

Thanks,

Vishnu

Please rate helpful posts.

Thank you, this is exactly the kind of network detection that I was looking for! Would a VPN client configured in this manner connect even before user logon, and if so, could it authenticate using a Computer certificate only?

Thanks again!

Hi,

You cannot make it work without certificates. The only other way available to authenticate is by using a username and password, and that needs manual intervention, which defeats the purpose of TND.

I hope this answers your query.

Thanks,

Vishnu

Thanks, the meaning of my question was if it can authenticate using the computer certificate ONLY, so from your answer I am guessing yes? What about connect before logon?

One more option you can use is "Always On" VPN, where the user connects automatically as soon as the user logs in to the computer. I shared this to answer your question about connecting the VPN before the user can log on.

Refer to this link: http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/ac03vpn.pdf#page19

I am sure this will help you answer your question. 

Thanks,

Vishnu

Please rate helpful posts!!

I'd like to bring this back: 

Can you enable always on VPN without the use of certificates and only through machine authentication?

I have a customer looking for a solution that provides automatic VPN connections (without any user interaction) and that does not require the use of certificates.  

Thanks, 

Tina