[c-nsp] Profiling with ASA?
Scott Voll
svoll.voip at gmail.com
Mon Nov 21 14:00:47 EST 2011
Ryan--
Thanks for the direction. I have setup CSD and DAP's but I'm wondering if
there is some way to move from there to Group Policy?
Where I'm going with all of this, is I have a Large telecommuting base and
some use corporate laptops (that we want to use Scan Safe / Anyconnect 3.0)
and home PC's that we don't want to use Scan Safe on.
Any ideas?
TIA
Scott
On Thu, Nov 17, 2011 at 10:07 AM, Ryan West <rwest at zyedge.com> wrote:
> Scott,
>
> On Thu, Nov 17, 2011 at 12:06:55, Scott Voll wrote:
> > Subject: [c-nsp] Profiling with ASA?
> >
> > Has anyone done any Profiling of Devices connecting to ASA for
> > anyconnect VPN service?
> >
> > I'm looking at how the ASA can Profile a user device, example. user
> > Joe connects with Corporate Laptop, use profile Corp. user Joe turns
> > around and connects via his home PC, use profile Home.
> >
> > I'm not sure where to look for the documentation, because I don't know
> > what Cisco would call it. Any info or links would be Highly appreciated.
> >
>
> If you already have premium anyconnect licensing, you could leverage host
> scan with CSD to pull a file or registry key to determine if the laptop is
> a corporate entity or not. If you need more a robust solution, Cisco is
> pushing ISE pretty hard these days and you could use an iPEP device after
> your ASA to enforce policy.
>
>
> http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/ac05hostscanposture.html#wp1033842
>
>
> http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_ipep_deploy.html
>
> -ryan
>
More information about the cisco-nsp
mailing list