Cisco Support Community

New Member

Assigning AnyConnect Client Profiles based on the machine?

I have an ASA running 8.2.x code with AnyConnect 2.4.x. I have both RADIUS and LDAP (AD) AAA available.

If a user connects from a company-owned laptop, I want to push down AnyConnect client ProfileA (with scripts to map drives etc.) and network ACLs set A.

If a user connects from any other computer, I want to push down AnyConnect client ProfileB (no scripts etc.) and network ACLs set B.

What I would like to do is have CSD do a machine certificate check (for presence of a cert from my private CA) and assign an EndPoint Policy attribute (Managed on successful check or Unmanaged on failure). I can then use DAP to tailor the ACLs that get set.

It seems like the only way to handle AnyConnect client profiles is with Group-Policy. Using LDAP I can assign a user to a Group-Policy, but I have no way of determining if they are coming in from a company laptop or not when assigning the Group-Policy. DAP cannot assign an AnyConnect client profile.

If at all possible, I do not want users to have to pick a connection profile or use different URLs.

Is there any way to accomplish this?

1 REPLY
New Member

Assigning AnyConnect Client Profiles based on the machine?

Hi

Did you ever resolve this issue? I am trying to assign a specific IP address based on the hostname or machine cert, but the certificate matching doesn't seem to look at the machine cert.

Has anyone got any idea how I could do this?

Thanks

Steve
