09-27-2017 07:53 AM - edited 03-12-2019 04:34 AM
Is there a configuration/setting on the ASA so that I can stop Apple users from connecting to the VPN?
I have some contractors that have gotten clever and are bypassing my posture rules (ISE) using their Apple Laptops. We are a Windows shop and prefer to keep it that way, at least for now. I am limited in knowledge of Apple devices in general, and just don't have the time nor the staff to have this additional 'support' burden.
09-27-2017 08:24 AM
09-27-2017 12:12 PM
09-27-2017 12:20 PM
I haven't read through it yet, but part of the problem with these unauthorized Apple clients, is that they don't have NAC Agent installed. All of our Windows clients do. So would this ISE configuration mentioned aboive have any affect, woudln't Anyconnect just ignore anything ISE said without the NAC agent installed?
I know there is also something in (or a part of) Anyconnect that can do the ISE posturing instead of using NAC Agent, but I haven't made it that far in configuration of ISE (I'm also in the throws of rebuilding ISE to v2.3 from our current 1.4).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide