[c-nsp] Restricting VPN connections to company hardware?
Matthew White
mawhi at vestas.com
Wed Nov 4 15:26:32 EST 2009
Hi Scott,
Certificate-based authentication can meet these needs.
This document is just a starting point -- the client certificate installation procedure is onerous. If you have an MS environment, it's easier to push out certs with group policy objects than to make your end users download and install certificates.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml
-mtw
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Scott Granados
> Sent: Wednesday, November 04, 2009 9:43 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Restricting VPN connections to company hardware?
>
> Hi,
> I've been googling but not finding much, although I think I'm probably formulating my search incorrectly, so I'm hoping for some pointers here.
> I use ASA 5520 hardware to provide VPN services to end users with Cisco VPN clients and some L2L sessions. We've been finding that folks are configuring iPhones and other non-approved devices to attach to the network.
> What's the best method to certify that end users are connecting with approved devices only? Is there a good way, say, for me to allow company-provided laptops but not allow clients from home machines where users duplicate their profile, or non-certified end devices like Pocket PC devices?
> I understand how to filter based on client type, but this doesn't prevent someone from copying their profile file from one machine to another. Any pointers would be appreciated.
>
> Thanks
> Scott