[c-nsp] Cisco ASA and ipads
Ryan West
rwest at zyedge.com
Mon Jan 30 11:16:52 EST 2012
On Sun, Jan 29, 2012 at 21:54:59, Thomason, Simon wrote:
> Subject: [c-nsp] Cisco ASA and ipads
>
> I am looking at allowing IPADS to from a VPN with our ASA to provide
> limited access.
>
> I would like to ideally have the IPAD connect with a cert and username
> password but have the ASA aware that the device connecting is an IPAD
> and heavily restrict its access.
>
Since the Ipad/Iphone's do not run host scan, they are detected through a plugin value returned from DAP. That combined with cert based login should give you want and I don't think you would need the premium license for the plugin value.
> I really need the ASA to be aware what these device are to prevent
> users importing a laptop certain and gaining full access to the
> network over their IPAD. I am pretty certain you can get this
> functionality with premium but just want to check you can and it works well.
>
> Has anyone look into this at all?
>
> Just did a quick search to see if the ASA would support Dot1x and does
> not look like they do as this might have been a different option.
>
-ryan
More information about the cisco-nsp
mailing list