endpoint.anyconnect.deviceuniqueid parameter restored to other device via migration

Dear all,

Our ASA5505 is set up as a VPN access point with remote access VPN via AnyConnect with certificates, using DAP rules to match their phones and laptops, which is considered best practice.

Today one of our colleagues upgraded his iPhone to the latest 6.

He did a backup on his PC with iTunes and then restored his contacts and apps on the new device.

On both devices there are valid certificates. On both devices the endpoint.anyconnect.deviceuniqueid parameter is now the same.

I see this as a security hole that permits intruders to have access to our internal network.

This is as if somebody can steal the key to make a copy. I thought deviceuniqueid is "glued" to the device, as it should be. He just has to clone the iPhone or Android device.

I want the phone serial number or IMEI values to be available through AnyConnect in order to use them with DAP policies. The MAC address could also be cloned.

The only thing is to implement a secondary login/password authorization, which will annoy users.

May I consider another way to protect from certificate and MAC or uniqueID cloning?

Thanks anticipated.

Some DAP trace:

endpoint.anyconnect.clientversion="3.0.12119";
endpoint.anyconnect.platform="apple-ios";
endpoint.anyconnect.devicetype="iPhone5,2";
endpoint.anyconnect.platformversion="8.0";
endpoint.anyconnect.deviceuniqueid="da9be5b4b4d94690976448e19f02dd581d06eef7"

endpoint.anyconnect.clientversion="3.0.12119";
endpoint.anyconnect.platform="apple-ios";
endpoint.anyconnect.devicetype="iPhone7,2";
endpoint.anyconnect.platformversion="8.1";
endpoint.anyconnect.deviceuniqueid="da9be5b4b4d94690976448e19f02dd581d06eef7";

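A detection-side check for the situation described in the post, as an added example that is not part of the original post or Cisco's tooling: it parses DAP trace lines in the format shown above and flags any deviceuniqueid reported by more than one devicetype. The function names, the blank-line session separator and the sample values are assumptions made for the example.

```python
import re
from collections import defaultdict

# Matches one DAP attribute line, e.g. endpoint.anyconnect.platform="apple-ios";
# The trailing semicolon is optional because the trace above omits it on one line.
ATTR_RE = re.compile(r'^\s*endpoint\.anyconnect\.(\w+)\s*=\s*"([^"]*)"\s*;?\s*$')

def parse_dap_trace(text):
    """Split a trace into sessions (blank-line separated, an assumption) of attribute dicts."""
    sessions, current = [], {}
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            current[m.group(1)] = m.group(2)
        elif not line.strip() and current:
            sessions.append(current)
            current = {}
    if current:
        sessions.append(current)
    return sessions

def find_shared_device_ids(sessions):
    """Return {deviceuniqueid: sorted devicetypes} for IDs seen on more than one hardware model."""
    models = defaultdict(set)
    for s in sessions:
        uid, model = s.get("deviceuniqueid"), s.get("devicetype")
        if uid and model:
            models[uid.lower()].add(model)  # compare IDs case-insensitively
    return {uid: sorted(m) for uid, m in models.items() if len(m) > 1}

# Constructed sample in the same format as the trace in the post
# (IDs and the Android model name are made up, not real device identifiers).
SAMPLE_TRACE = '''
endpoint.anyconnect.platform="apple-ios";
endpoint.anyconnect.devicetype="iPhone5,2";
endpoint.anyconnect.deviceuniqueid="aaaa1111"

endpoint.anyconnect.platform="apple-ios";
endpoint.anyconnect.devicetype="iPhone7,2";
endpoint.anyconnect.deviceuniqueid="AAAA1111";

endpoint.anyconnect.platform="android";
endpoint.anyconnect.devicetype="constructed-model";
endpoint.anyconnect.deviceuniqueid="bbbb2222";
'''

if __name__ == "__main__":
    for uid, seen in find_shared_device_ids(parse_dap_trace(SAMPLE_TRACE)).items():
        print(f"deviceuniqueid {uid} reported by multiple models: {', '.join(seen)}")
```

A restore onto a second device of the same model reports the same devicetype, so this check alone would not flag it.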