03-03-2008 06:13 PM
Dear sir,
I have a question about remote VPN client authentication via ASA. The client has to meet the following requirements in order to get access to the company's network.
1. The username/password should match the Windows Active Directory user info.
2. The client computer must be a registered domain computer. (The reason for this requirement is to prevent the following incident: one manager knew a teammate's username/password. After he terminated his job at the company, he was able to access the company network using his personal PC and the teammate's username and password.)
I can complete the user authentication via Kerberos, LDAP or RADIUS. However, I cannot find a way to meet the second requirement.
Could you please kindly advise if there is any way to meet both requirements to authenticate the remote client?
Thank you very much!
Regards,
jing
03-04-2008 11:33 AM
Hi,
I was faced with a requirement similar to yours. One way to check if a computer is part of the domain is to verify that the host computer has a certificate that is signed by the domain's Certificate Authority. Not sure if your domain has that configured, but that's one way of checking. When the employee leaves and tries to connect with a home computer, it will fail even before he/she gets the username prompt.
Another way is using Cisco Secure Desktop under Config > Remote Access VPN > Secure Desktop Manager > Setup. In the you could check for things like OS version, specific registry keys, files, processes running, etc.
Hope this helps.
(please rate the response if you found it useful)
03-04-2008 03:21 PM
Thank you for the information.
Does Cisco Secure Desktop work with the Cisco VPN client software, or is it limited to the SSL VPN client / any connection VPN client?
Regards,
Shizue
03-04-2008 03:22 PM
Thank you for the information.
Does Cisco Secure Desktop work with the Cisco VPN client software, or is it limited to the SSL VPN client / AnyConnect VPN client?
Regards,
Shizue
03-04-2008 06:42 PM
I believe that it only works for AnyConnect and SSL. But if you wanted to do certificate authentication, you could also do it using the IPsec client.
Cisco also has their heavy NAC infrastructure that works independently of the VPN client. You can check out http://www.cisco.com/en/US/netsol/ns466/networking_solutions_package.html for more on their NAC. You could also use other NAC products from other network security vendors. Let me know if you have more questions on that.
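An added illustration, not part of the original thread and not ASA configuration: the machine-certificate check suggested in the replies, reproduced with openssl so the accept/reject decision can be seen before any username prompt would appear. The CA names, host names and file names are constructed stand-ins for a domain CA and its enrolled machines.

```shell
#!/usr/bin/env bash
# Constructed demo: every CA, host name and file here is made up.
set -eu
WORK=$(mktemp -d)

# Create a self-signed root CA.  $1 = file prefix, $2 = common name
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Issue a machine certificate.  $1 = issuing CA, $2 = cert prefix, $3 = CN
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 1 -CAcreateserial \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -out "$WORK/$2.pem" 2>/dev/null
}

# Gateway-side decision: does the presented certificate chain to the
# trusted CA?  $1 = trusted CA prefix, $2 = presented cert prefix
check_machine() {
  if openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1; then
    echo ACCEPT
  else
    echo REJECT
  fi
}

make_ca domain "Example Domain CA"      # stands in for the domain's CA
make_ca other  "Unrelated CA"           # anything the gateway does not trust
issue_cert domain laptop "LAPTOP01.corp.example"   # enrolled domain machine
issue_cert other  homepc "HOME-PC"                 # personal PC

echo "domain laptop: $(check_machine domain laptop)"
echo "personal PC:   $(check_machine domain homepc)"
```

Valid stolen credentials do not help the personal PC here, because the certificate check fails independently of the username and password.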