Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA5500 w/ RADIUS Auth Cisco VPN Client filter via..


Can somebody point me in the right direction for this? I'm willing to read any books/whitepapers you reference, I just need to know if it's possible and vaguely how.

I have Cisco VPN Clients connecting into the internal LAN and I would like to further my RADIUS authentication by checking for specific attributes of the operating system before granting authentication.

Example, I only want Windows XP computers who are members of the "DOM22" domain. Or, I only want Dell computers of a certain model to be able to authenticate through RADIUS/ASA5500 (possibly by querying WMI or registry key?).

Can someone point me in the right direction? Something tells me this type of authentication would tie in to the Cisco VPN Client software (making WMI calls, etc) but I can't find anything about it.

EDIT: I felt I should clarify. I'm already using RADIUS to authenticate domain accounts, specifically I'm looking for a way to limit which physical machines are given access without resorting to certificate distrobution to the machines I want to have access.