cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6944
Views
0
Helpful
3
Replies

MAC-Based authentication in ASA anyconnect VPN

madhankumar.g
Beginner
Beginner

Hi,

I have been configuring anyconnect VPN. The requirement from customer is to configure MAC address based authentication for anyconnect clients. I have gone through various cisco documents. I couldnot find this option explained. Is MAC address based authentication possible in anyconnect vpn without having AAA server in place?

There is an option to select end point attribute as MAC address, while creating Dynamic access policies. But at the host scan configuration of Cisco secure desktop, there are no options for performing MAC retrieval.

My ASA is running on version 8.2(1) and ASDM version 6.3(1) and a memory of 512 MB RAM.

Please suggest a way for MAC based authentication in cisco anyconnect VPN.

Thanks and Regards,

Madhan kumar G

3 Replies 3

Herbert Baerten
Cisco Employee
Cisco Employee

Host scan will include the mac address by default, so you do not need to configure this explicitly.

If you have tried to create a DAP policy matching on a MAC address, and it doesn't work, let us know.

Can the DAP and policy be made to check AAA for mac addresss?

Not 100% sure as I can't try it out right now but I think it might work using an "advanced" DAP condition like

EVAL(endpoint.device.MAC[aaa.ldap.macaddress],"EQ","true","caseless")

(if you have an LDAP server that sends the MAC address as an attribute named "macaddress").

hth

Herbert

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers