I am looking for a solution to check whether a connecting remote access client device is a corporate device or not before the VPN connection is permitted.
I want to use the standard Cisco VPN Client (IPSEC) and use the "IPSEC-over-TCP" feature and change the IoT-Port from 10000 to 443 so clients only need TCP443 to start a full IPSEC connection.
This SSL-VPN trend is too expensive (licensed per concurrent users.. BOAHH!).
I want the users to use GINA (start VPN before Windows logon) and log in after successful VPN to their Windows domain so that login scripts can work and network drives are mapped.
But how to ENFORCE that it must be a corporate device and that the users don't install the VPN client on a private device?