You are here
SEC0135 - SSL VPN AnyConnect Secure Mobility Always-On VPN
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
The video shows how to enforce VPN connection upon users with Cisco AnyConnect Secure Mobility Always-On VPN feature. If your company security policy requires your users to establish a VPN back to corporate network before having any kind of network connectivity, including local internet, and prevent users from disconnecting from the VPN this video is for you. We will go through different configurable behaviors of Always-On VPN to help you make a decision on adopting the feature.
Topic:
- Always-On VPN
- Trusted and Untrusted Network
About Author
Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
3 comments
Sonny
Thanks for the video. Very useful.
AnyConnect Security
We want the user to be able to do cisco anyconnect vpn via specific (Trusted) devices only.
We want the Authentication Method to be (AAA + Certificate) and the user not to be able to install anyconnect to another device or export the certificate
My question is: Is it possible to achieve the above with ASA and Anyconnect?
AnyConnect Security
Absolutely. The cert itself already determines which device is allowed to connect. While you can't prevent user from installing AnyConnect on any device they want, you can make sure the device that you install the cert on for them cannot export cert/key.