Hi Scott, Certificate based authentication can meet these needs.
This document is just a starting point -- the client certificate installation procedure is onerous. If you have a MS environment it's easier to push out certs with group policy objects than making your end users download and install certificates. http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml -mtw > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Scott Granados > Sent: Wednesday, November 04, 2009 9:43 AM > To: [email protected] > Subject: [c-nsp] Restricting VPN connections to company hardware? > > Hi, > I've been googling but not finding much although I think > I'm probably > formulating my search incorrectly so I'm hoping for some > pointers here. > I use ASA 5520 hardware to provide VPN services to end > users with Cisco > VPN clients and some L2L sessions. We've been finding that folks are > configuring IPhones and other non approved devices to attach > to the network. > What's the best method to certify that end users are connecting with > approved devices only? Is there a good way say for me to > allow company > provided laptops but not allow clients from home machines where users > duplicate their profile or non-certified end devices like > pocket PC devices? > I understand how to filter based on client type but this > doesn't prevent > someone from copying their profile file from one machine to > another. Any > pointers would be appreciated. > > Thanks > Scott > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
