Blocking access from iPhones to Cisco VPN/ASA

Unanswered Question
Jun 17th, 2010


Is it possible to recognize and block iPhone users (using the IPSec VPN client) from accessing the corporate VPN? We have a typical setup of multiple ASAs, clustered, for different types of groups. Corporate support is for desktops with Cisco VPN Client 5.x installed. We know the iPhones have an inherent Cisco VPN client (or a downloadable one) that can be configured to act as a VPN client. Corporate is not ready to support it. But I am wondering if there's any technical way to recognize and block it (I doubt it, but checking just in case).

P.S. I know for SSL we'll need the license for macOS. But the above question is for IPSec VPN.


Jennifer Halim Fri, 06/18/2010 - 05:16

Yes, you can block iPhone IPSec on the ASA.

Try to connect the iPhone to the ASA, then on the ASA check the exact client type and/or version from the following:

show vpn-sessiondb detail full filter name

The output would include the Client Type and Client version.

From the Client Type and Client version, you can block it from the group-policy configuration:

ASDM --> Configuration --> Remote Access --> Network (Client) Access --> Group Policies --> Advanced --> IPSEC Client --> Client Access Rules --> Add --> Action: Deny --> VPN Client Type: from the above output --> VPN Client Version: from the above output

Hope that helps.
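
The CLI equivalent of the ASDM path in the answer above, as an added example that is not part of the original reply. The group-policy name CORP-IPSEC-GP and the string IPHONE-CLIENT-TYPE are placeholders: use your own policy name and the exact Client Type value shown in the show vpn-sessiondb output. Once any client access rule exists, a client that matches no rule is denied, so the deny rule is followed by a catch-all permit.

```cisco
! Added example. CORP-IPSEC-GP and IPHONE-CLIENT-TYPE are placeholders,
! not values taken from the original thread.
!
group-policy CORP-IPSEC-GP attributes
 ! Priority 1: reject the client type reported for the iPhone session.
 ! Quote the type string if it contains spaces; * matches any version.
 client-access-rule 1 deny type "IPHONE-CLIENT-TYPE" version *
 ! Priority 2: allow every other client. Without a permit rule the ASA
 ! denies all clients in this group-policy, not only the iPhone.
 client-access-rule 2 permit type * version *
!
! Check the result, then test with a supported desktop client and with
! the iPhone before applying the same rules to other group policies.
show running-config group-policy CORP-IPSEC-GP
```

Rules are evaluated in priority order, lowest number first, so the deny entry must carry a lower number than the catch-all permit.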

