Remote client - Windows Computer Authentication

Mar 3rd, 2008

Dear sir,

I have a question about remote VPN client authentication via ASA. The client has to meet the following requirements in order to get access to the company's network.

1. The username/password should match the Windows Active Directory user info.

2. The client computer must be a registered domain computer. (The reason for this requirement is to prevent the following incident: one manager knew a teammate's username/password. After he terminated his job at the company, he was able to access the company network using his personal PC and the teammate's username and password.)

I can complete the user authentication via Kerberos, LDAP or RADIUS. However, I cannot find a way to meet the second requirement.

Could you please kindly advise if there is any way to meet both requirements to authenticate the remote client?

Thank you very much!

Regards,

jing

tomek0001 Tue, 03/04/2008 - 11:33

Hi,

I was faced with a requirement similar to yours. One way to check if a computer is part of the domain is to verify that the host computer has a certificate that is signed by the domain's Certificate Authority. Not sure if your domain has that configured, but that's one way of checking. When the employee leaves and tries to connect with a home computer, it will fail even before he/she gets the username prompt.

Another way is using Cisco Secure Desktop under Config > Remote Access VPN > Secure Desktop Manager > Setup. In there you could check for things like OS version, specific registry keys, files, processes running, etc.

Hope this helps.

(please rate the response if you found it useful)
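
Added example, not part of the thread and not an ASA configuration: a local `openssl` sketch of the machine-certificate check described in the reply above, where a stand-in domain CA signs a domain laptop's certificate and a self-signed certificate from a personal PC is refused before any username prompt. All names and paths (`Example-Domain-CA`, `laptop01.corp.example`, `home-pc`) are constructed for the demo.

```bash
#!/usr/bin/env bash
# Constructed demo: every name and file below is made up for illustration.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 1. Stand-in for the domain's Certificate Authority.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example-Domain-CA" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null

# 2. Domain-joined laptop: key and CSR, signed by the domain CA.
openssl req -newkey rsa:2048 -nodes -subj "/CN=laptop01.corp.example" \
  -keyout "$WORK/laptop.key" -out "$WORK/laptop.csr" 2>/dev/null
openssl x509 -req -in "$WORK/laptop.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
  -CAcreateserial -days 30 -out "$WORK/laptop.crt" 2>/dev/null

# 3. Personal PC: the best it can present is a certificate it signed itself.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=home-pc" \
  -keyout "$WORK/home.key" -out "$WORK/home.crt" 2>/dev/null

# Gateway-side device check: does the presented certificate chain to the domain CA?
# Match on the "OK" line rather than the exit status, which older openssl
# releases did not set reliably on verification failure.
device_trusted() {
  openssl verify -CAfile "$WORK/ca.crt" "$1" 2>&1 | grep -q ': OK$'
}

# The device check runs first; credentials are only requested if it passes.
vpn_gate() {
  if device_trusted "$1"; then
    echo "prompt-for-username"
  else
    echo "reject-before-prompt"
  fi
}

echo "laptop01: $(vpn_gate "$WORK/laptop.crt")"
echo "home-pc:  $(vpn_gate "$WORK/home.crt")"
```

The check is only as strong as the protection of the machine's private key: a certificate whose key can be exported and copied to another PC, or that is not revoked when a device is retired, no longer proves domain membership.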

molokinidive Tue, 03/04/2008 - 15:21

Thank you for the information.

Does Cisco Secure Desktop work with the Cisco VPN client software? Or is it limited to the SSL VPN client / AnyConnect VPN client?

Regards,

Shizue

molokinidive Tue, 03/04/2008 - 15:22

Thank you for the information.

Does Cisco Secure Desktop work with the Cisco VPN client software? Or is it limited to the SSL VPN client / AnyConnect VPN client?

Regards,

Shizue

tomek0001 Tue, 03/04/2008 - 18:42

I believe that it only works for AnyConnect and SSL. But if you wanted to do certificate authentication, you could also do it using the IPsec client.

Cisco also has their heavy NAC infrastructure that works independently of the VPN client. You can check out http://www.cisco.com/en/US/netsol/ns466/networking_solutions_package.html for more on their NAC. You could also use other NAC products from other networking security vendors. Let me know if you have more questions on that.
