Hi Scott,

Certificate-based authentication can meet these needs.

This document is just a starting point -- the client certificate installation procedure is onerous. If you have an MS environment it's easier to push out certs with group policy objects than making your end users download and install certificates.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml

-mtw

> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net
> [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Granados
> Sent: Wednesday, November 04, 2009 9:43 AM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Restricting VPN connections to company hardware?
>
> Hi,
> I've been googling but not finding much, although I think I'm probably
> formulating my search incorrectly, so I'm hoping for some pointers here.
> I use ASA 5520 hardware to provide VPN services to end users with Cisco
> VPN clients and some L2L sessions. We've been finding that folks are
> configuring iPhones and other non-approved devices to attach to the network.
> What's the best method to certify that end users are connecting with
> approved devices only? Is there a good way, say, for me to allow company
> provided laptops but not allow clients from home machines where users
> duplicate their profile or non-certified end devices like pocket PC devices?
> I understand how to filter based on client type but this doesn't prevent
> someone from copying their profile file from one machine to another. Any
> pointers would be appreciated.
>
> Thanks
> Scott
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/