09-08-2016 08:19 AM
Hello,
I am working on a Cisco AnyConnect VPN task and I am trying to limit access to the network to domain-joined machines only. I have an ISE configured for posturing using a 'Registry Key condition', but I am having issues using this because of a certificate issue.
I am looking to move away from using ISE and find a way to do this on the ASA, and if I have to use ISE, I wouldn't want to use Posture. Does anyone have an idea on how to go about configuring this environment so that only domain-joined computers can have access to the network?
Devices:
Cisco ASA 55xx version 9.4
Cisco ISE 2.1
AD
09-08-2016 11:21 AM
Hi gbolahanadefila07,
You can achieve this using the methods mentioned below:
1.) You can use posturing on the ASA. You can do a file check, registry check, antivirus check, or operating system check for the client machine using DAP. The document mentioned below will be of help.
2.) You can use certificate-based authentication for AnyConnect; for that you need to set up an internal CA server to issue client certificates. Please refer to the link below.
Anyconnect Certificate based Auth
Hope that helps
Thanks
Shakti
09-09-2016 07:23 AM
Hello Shaktiku,
Thank you for your help