
Mobile OS identification with AnyConnect Host Scan

janiax
Level 1

Hello Cisco Community,

My goal is to allow only some users to connect to AnyConnect VPN via mobile systems such as Android and iOS.
Currently, we have several Tunnel Groups and Group Policies that identify certain organizational units of our customer.
We use certificates and RADIUS for authentication and identification for all of these groups and users.
What I would like to do is use Host Scan and deny access for all of these groups from Android and iOS.
Then issue certificates that will distinguish mobile devices; that way, I will be able to identify the Group Policy that is allowed to use mobile devices to connect to the VPN.
This, of course, means that Host Scan would need to be able to even detect Android and iOS. However, I can find only very old Host Scan documentation, where iOS and Android are not mentioned as supported platforms. We don't have ISE; I need to do this at the ASA level.

Thanks,
Jan

1 Reply

Hi,

We just implemented Host Scan on our 5545 running a 9.x code base to specifically allow only Apple iOS devices, and it worked with very little effort. Initially I was looking for a way to do this with our ISE install, but a call to TAC revealed it's far easier to do on the ASA with DAP/Host Scan. Can you share the link, and maybe I can confirm if it's still valid?