Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Stop users from using AnyConnect on their phone?

Good evening...

Outside of using Cisco ISE and using up expensive advanced licenses, is there away to allow users to connect via Cisco Anyconnect on their pc or laptop, but keep them from setting it up on their phone or tablet?  I would like to offer two different groups based on the agreed access level.  "corporate provided laptop" or "corporate provided laptop and mdm managed personal device".  Currently, using the old cisco vpn client, you had reasonable assurance that if someone didn't have the profile they couldn't set it up on whatever device they wanted.. With anyconnect, it seems hard to limit what devices it can be configured on.  My only thought is that by utilizing certificate based authentication, not enabling scep on the ASA, the laptop gets it's certificate when it's imaged and joins the domain.  The personal device get's its certificated through the MDM and it's scep setup.... As anyone ran into this issue?

Thank you,



New Member

Raun, I'm not sure if this



I'm not sure if this still an issue for you but you maybe able to utilize the ASA DAP rules to achieve this. You can configure the Endpoint Attributes and set it equl to AnyConnect Android and set the action to terminate.