Re: Is this possible using Anyconnect?

faghouri316 · ‎02-13-2011

Hi Everyone

Was wondering if anyone could help me out with some issues with Anyconnect which unfortunately im very rusty with. I have some requirements but i dont know how to go about implementing or if theyre even possible with Anyconnect.

Ive set up Anyconnect on an ASA where all users are authenticated via an active directory server (LDAP) but all users are given an i.p address from one configred pool on the ASA. What i now need to do is set up the ASA to allocate certain IP addresses to certain users. Is this quite simple to do and how would i go about it?

The second problem i have is allowing only verified machines onto the network. Even if the user installs anyconnect onto his laptop and has the username password and RSA key, access would still be denied as it wouldnt be a verified machine. Any way i could implement this?

Not touched firewalls for a couple of years and ive tried searching/googling but had no luck. Thanks for your help

Jennifer Halim · ‎02-13-2011

Your first question: yes, it is possible. What you would need to do is to get the AD server to assign you the static ip address, instead of using the ASA ip pool to assign the ip address to your AnyConnect users.

Here is the sample configuration for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/extsvr.html#wp1661694

Your second question: is also possible using DAP to check specifics within your company standard PC.
Here is more on DAP for your reference:
http://www.cisco.com/en/US/docs/security/asdm/6_2/user/guide/vpn_dap.html

Hope that helps.