MAC address authentication and VPN clients

Unanswered Question
Sep 25th, 2007

Hi, I have a couple of questions.

We have a PIX 515E and clients connecting remotely using Cisco VPN client 5.

1. How can I display a message box when they connect with some text in it that they have to agree to? And if they don't, can they get disconnected?

2. Users are prompted for their domain credentials when connecting. The PIX then forwards this to an internal IAS/RADIUS server to verify username and password and the remote access policies: user group, time etc. Is it possible to also authenticate them according to known MAC addresses? I'd like to be able to only have known PCs connecting so software cannot be installed on home PCs etc.

That's it for now. Thanks in advance for any info given.

lgijssel Thu, 09/27/2007 - 01:38

Here are some answers, although you might not be happy with them:

1: Never seen it, I do not think this is possible. What you want is typically covered by a "usage policy" that the users must agree with before being provided with a login.

2: The verification that you want can be realized by using certificate authentication. On connection setup both ends are authenticated and the parameters for this may include certain system-specific options.

Drawback: installing and maintaining a CA environment is more complex than straightforward AAA authentication.

regards,

Leo

martymailey Thu, 09/27/2007 - 03:49

Thanks for the advice.

Have you ever seen even a message box with text and an OK button? I'm not bothered about the disconnecting bit.

I notice in the VPN client there is a Notifications section, do you know what this is used for?

thanks

marty
