MAC-Based authentication in ASA anyconnect VPN

Unanswered Question
Sep 20th, 2010
User Badges:

Hi,


I have been configuring anyconnect VPN. The requirement from customer is to configure MAC address based authentication for anyconnect clients. I have gone through various cisco documents. I couldnot find this option explained. Is MAC address based authentication possible in anyconnect vpn without having AAA server in place?



There is an option to select end point attribute as MAC address, while creating Dynamic access policies. But at the host scan configuration of Cisco secure desktop, there are no options for performing MAC retrieval.


My ASA is running on version 8.2(1) and ASDM version 6.3(1) and a memory of 512 MB RAM.


Please suggest a way for MAC based authentication in cisco anyconnect VPN.


Thanks and Regards,

Madhan kumar G

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Herbert Baerten Tue, 10/05/2010 - 14:44
User Badges:
  • Cisco Employee,

Host scan will include the mac address by default, so you do not need to configure this explicitly.

If you have tried to create a DAP policy matching on a MAC address, and it doesn't work, let us know.

Herbert Baerten Thu, 04/26/2012 - 02:42
User Badges:
  • Cisco Employee,

Not 100% sure as I can't try it out right now but I think it might work using an "advanced" DAP condition like


EVAL(endpoint.device.MAC[aaa.ldap.macaddress],"EQ","true","caseless")


(if you have an LDAP server that sends the MAC address as an attribute named "macaddress").


hth

Herbert

Actions

This Discussion

Related Content