May 27th, 2008

I want to allow a VPN session from a remote user only if the computer's domain = mydomain.ru

For example:

In my company I have many users who work on notebooks, and I want to allow VPN sessions only from these notebooks.

Is it possible if I use this command (vpn-nac-exempt)?

And if it is possible, what attributes does this command need?

vadim.kharchenko Wed, 05/28/2008 - 04:58

Yes - I used a pre-shared key on the VPN (IPsec).

It's just that if a user sets up the Cisco VPN client on another computer, they can connect to my ASA... But what if the new computer has a virus or something else?

That is why I want to allow VPN access only from computers that are in my domain.

Amadou TOURE Wed, 05/28/2008 - 07:37

vpn-nac-exempt is used to exempt workstations that match the OS specified in the command options from NAC posture validation.

Do you have a NAC server which postures remote access users?

Amadou TOURE Wed, 05/28/2008 - 09:25

In this case, I'm sorry, but I don't know how you could do it without a NAC server.

1. With PKI, it's possible to verify the domain to which the certificate belongs before accepting the IPsec request.

2. With an authentication server (ACS for example), users may provide a user ID like [email protected] and you apply a specific profile.

But I know that these solutions don't exactly fit your request.

