New Member

vpn-nac-exempt

I want to allow a VPN session from a remote user only if the computer's domain = mydomain.ru

For example:

In my company I have many users who work on notebooks, and I want to allow VPN sessions only from these notebooks.

Is it possible if I use this command (vpn-nac-exempt)?

And if it is possible, what attributes does this command need?

6 REPLIES
New Member

Re: vpn-nac-exempt

Sorry, I forgot to write this:

I have ASA 7.2.

New Member

Re: vpn-nac-exempt

Hello,

Do you use certificates or a pre-shared key?

New Member

Re: vpn-nac-exempt

Yes, I used a pre-shared key on the VPN (IPsec).

It's just that if a user sets up the Cisco VPN client on another computer, they connect to my ASA... But what if the new computer has a virus or something else?

That is why I want to allow VPN access only from computers that are in my domain.

New Member

Re: vpn-nac-exempt

Hello,

vpn-nac-exempt is used to exempt workstations that match the OS specified in the command options from NAC posture validation.

Do you have a NAC server which postures remote access users?

New Member

Re: vpn-nac-exempt

No :(

New Member

Re: vpn-nac-exempt

In this case, I'm sorry but I don't know how you could do it without a NAC server.

1. With PKI, it's possible to verify the domain to which the certificate belongs before accepting the IPsec request.

2. With an authentication server (ACS for example), users may provide a user ID like user@domain and you apply a specific profile.

But I know that these solutions don't exactly fit your request.
