Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
793
Views
4
Helpful
5
Replies

Remote client - Windows Computer Authentication

molokinidive
Level 1
Level 1

‎03-03-2008 06:13 PM

Dear sir,

I have a question about remote VPN client authentication via ASA. The client has to meet the following requirement in order to get access to company's network.

1. username/password should match windows Active directory user info

2. The client computer must be registered domain computer. ( the reason for this requirement is to prevent the following incident - one manager knew teammate's username/password. After he terminated his job at the company, he was able to access the company network using his personal PC and teammate's username and password "

I can complete the user authentication via Kerberos, LDAP or Radius. However, I can not find a way to meet the second requirement.

Could you please kindly adivse if there is anyway to meet both requirement to authenticate remote client?

Thank you very much!

Regards,

jing

Labels:
0 Helpful
5 Replies 5

tomek0001
Level 4
Level 4

‎03-04-2008 11:33 AM

Hi,

I was faced with a similar requirement that you are. One way to check if a computer is part of the domain is to verify that the host computer has a certificate that is signed by the domain's Certificate Authority. Not sure if you domain has that configured but that's a one way of checking. When the employee leaves and tries to connect with home computer it will fail even before he/she gets the username prompt.

Some other way is using Cisco Secure Desktop under Config > Remote Access VPN > Secure Desktop Manger> Setup. In the you could check for things like OS version, specific Registry keys, files, processes running...etc.

Hope this helps.

(please rate the response if you found it useful)

molokinidive
Level 1
Level 1
In response to tomek0001

‎03-04-2008 03:21 PM

Thank you for the information.

Does Cisco Secure Desktop work with cisco vpn client software? or it is limited to SSL vpn client / any connection vpn client?

Regards,

Shizue

0 Helpful

molokinidive
Level 1
Level 1
In response to tomek0001

‎03-04-2008 03:22 PM

Thank you for the information.

Does Cisco Secure Desktop work with cisco vpn client software? or it is limited to SSL vpn client / any connect vpn client?

Regards,

Shizue

0 Helpful

tomek0001
Level 4
Level 4
In response to molokinidive

‎03-04-2008 06:42 PM

I believe that it only works for the Any Connect and SSL. But if you wanted to do certificate authentication you could also do it using the IP Sec client.

Cisco also has their heavy NAC infrastructure that work independent of the vpn client. You can check out http://www.cisco.com/en/US/netsol/ns466/networking_solutions_package.html

for more on their NAC. You could also use other NAC product from other networking security vendors. Let me know if you have more questions one that.

0 Helpful

molokinidive
Level 1
Level 1
In response to tomek0001

‎03-04-2008 03:22 PM

Thank you for the information.

Does Cisco Secure Desktop work with cisco vpn client software? or it is limited to SSL vpn client / any connection vpn client?

Regards,

Shizue

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents