I know that you can, using WebVPN, validate domain membership as a logon condition. However, I am wondering if you can go one step beyond that, and have RADIUS or LDAP somehow authenticate the computer account before moving on to user authentication. I am wondering if it can be done using the standard VPN client, and/or WebVPN or AnyConnect. I am not looking for certificates, and am willing to make some modifications to the client if needed. So basically, here's what I'm looking for, mainly on the WebVPN:
User logs in -> prelogon check authenticates computer account in AD -> if pass, proceed to user authentication. If fail, either deny access, or apply another group/policy of more restricted access.