Cisco Support Community

New Member

MAC-Based authentication in ASA anyconnect VPN

Hi,

I have been configuring AnyConnect VPN. The requirement from the customer is to configure MAC address based authentication for AnyConnect clients. I have gone through various Cisco documents. I could not find this option explained. Is MAC address based authentication possible in AnyConnect VPN without having a AAA server in place?

There is an option to select the endpoint attribute as MAC address while creating Dynamic Access Policies. But in the Host Scan configuration of Cisco Secure Desktop, there are no options for performing MAC retrieval.

My ASA is running version 8.2(1) and ASDM version 6.3(1), and has 512 MB of RAM.

Please suggest a way to do MAC based authentication in Cisco AnyConnect VPN.

Thanks and Regards,

Madhan kumar G

3 REPLIES
Cisco Employee

Re: MAC-Based authentication in ASA anyconnect VPN

Host Scan will include the MAC address by default, so you do not need to configure this explicitly.

If you have tried to create a DAP policy matching on a MAC address, and it doesn't work, let us know.

New Member

Re: MAC-Based authentication in ASA anyconnect VPN

Can the DAP and policy be made to check AAA for the MAC address?

Cisco Employee

Re: MAC-Based authentication in ASA anyconnect VPN

Not 100% sure as I can't try it out right now but I think it might work using an "advanced" DAP condition like

EVAL(endpoint.device.MAC[aaa.ldap.macaddress],"EQ","true","caseless")

(if you have an LDAP server that sends the MAC address as an attribute named "macaddress").

hth

Herbert
