Domain Joined Machine Issue

Hello,

I am working on a Cisco AnyConnect VPN task and I am trying to limit access to the network to domain-joined machines only. I have an ISE configured for posturing using a 'Registry Key condition', but I am having issues using this because of a certificate issue.

I am looking to move away from using ISE and find a way to do this on the ASA, and if I have to use ISE, I wouldn't want to use Posture. Does anyone have an idea of how to go about configuring this environment so that only domain-joined computers can have access to the network?

Devices:

Cisco ASA 55xx version 9.4

Cisco ISE 2.1

AD

Accepted Solutions

Shakti Kumar
Cisco Employee

Hi gbolahanadefila07,

You can achieve it using the methods mentioned below:

1.) You can use posturing on the ASA: you can do a file check, registry check, antivirus check, or operating system check for the client machine using DAP. The document mentioned below will be of help:

DAP Deployment Guide

2.) You can use certificate-based authentication for AnyConnect; for that you need to set up an internal CA server to issue client certificates. Please refer to the link below:

Anyconnect Certificate based Auth

Hope that helps

Thanks

Shakti

Hello Shaktiku,

Thank you for your help