
Limiting the VPN Connection


Is there any feature in Cisco AnyConnect or other software to allow domain users to connect only to their corporate VPN? We don't want domain users to connect to any VPN other than the corporate VPN.

VPN users are authenticating with ISE. Is there any workaround for this?

2 REPLIES

Hi deepuvarghese1

 

I think you can use the Always-On and Auto Connect on Start features of the XML profile to accomplish this.

Make sure to uncheck "user controllable" and "allow VPN disconnect" to prevent the end user from starting another VPN session.

 

See more information about those features:

https://supportforums.cisco.com/document/12549161/anyconnect-xml-preferences

Hope it helps

- Randy -
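
The settings named in the reply above can be checked in a deployed profile before rollout. The following is an added example, not part of the original post or Cisco's documentation: a small Python audit of an AnyConnect XML profile. The sample profile is constructed for illustration, and treating a missing `UserControllable` attribute as "not controllable" is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"ac": "http://schemas.xmlsoap.org/encoding/"}  # AnyConnect profile namespace

# Constructed sample profile (not from the thread) with the weak settings.
SAMPLE_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <AutoConnectOnStart UserControllable="true">true</AutoConnectOnStart>
    <AutomaticVPNPolicy>true
      <AlwaysOn>true
        <AllowVPNDisconnect>true</AllowVPNDisconnect>
      </AlwaysOn>
    </AutomaticVPNPolicy>
  </ClientInitialization>
</AnyConnectProfile>"""

# Same profile with the two boxes from the reply "unchecked".
HARDENED_PROFILE = (SAMPLE_PROFILE
    .replace('UserControllable="true"', 'UserControllable="false"')
    .replace("<AllowVPNDisconnect>true", "<AllowVPNDisconnect>false"))

def _flag(el):
    """True if the element's leading text is 'true' (these tags mix text and children)."""
    return el is not None and (el.text or "").strip().lower() == "true"

def audit_profile(xml_text):
    """Return a list of findings; an empty list means the lock-down settings are in place."""
    root = ET.fromstring(xml_text)
    ci = root.find("ac:ClientInitialization", NS)
    if ci is None:
        return ["ClientInitialization section missing"]
    findings = []
    auto = ci.find("ac:AutoConnectOnStart", NS)
    if not _flag(auto):
        findings.append("AutoConnectOnStart is not true")
    elif auto.get("UserControllable", "false").lower() == "true":  # absent => assumed false
        findings.append("AutoConnectOnStart is user controllable")
    policy = ci.find("ac:AutomaticVPNPolicy", NS)
    always_on = policy.find("ac:AlwaysOn", NS) if policy is not None else None
    if not (_flag(policy) and _flag(always_on)):
        findings.append("AlwaysOn is not enabled")
    elif _flag(always_on.find("ac:AllowVPNDisconnect", NS)):
        findings.append("AllowVPNDisconnect is true")
    return findings

if __name__ == "__main__":
    for name, prof in (("sample", SAMPLE_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(name, audit_profile(prof) or "OK")
```
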


Hello,

 

I would suggest using a DAP policy and checking for a certificate or a registry key on corporate machines. This action requires host-scan. You can learn more about DAP policies by following this link:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/108000-dap-deploy-guide.html

Also, an LDAP mapping would be a good option to prevent users from connecting to a tunnel-group they are not supposed to connect to.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98625-asa-ldap-authentication.html

 

Please check those links out and if you have any questions please let me know.

 

Regards,