Showing results for 
Show  only  | Search instead for 
Did you mean: 

RSD 2.0 and Cisco VPN Client

I have come to a stand-still with this with McAfee support and thought I'd see if anyone out there has come across this problem and a possible workaround.

I am using ePO4P4 and RSD2P2.

I have a Cisco 3000 VPN Concentrator and am using the v5.x VPN client.

I have a rogue sensor on my vpn subnet and am trying to catch rogues connecting via vpn *or* trying to use automatic responses to convert vpn-only clients to point to new ePO server.

Because the cisco vpn client uses the same MAC for every client, I am unable to match on MAC. I have tried matching using other options but there are jsut too many variables that come into play.

Has anyone out there had any success on finding a workaround for this scenario to allow mac matching to work properly?? As it stands, the last client detected is the only device detected.

Thanks in advance for any insight...
4 Replies
Level 7
Report Inappropriate Content
Message 2 of 5

RE: RSD 2.0 and Cisco VPN Client

The question is:
what you trying to achieve here Jeff?
If you worry about rouge usage of your VPN may be its better to consider NAC or certificates as second factor authentication on VPN concentrator?

The only thing that I was able to do with VPN clients is to create different software\DAT deployment policy that run every 10 minutes instead every 90 minutes for LAN clients.
But in any case I have to wait until client agent will initiate connection with ePo server, update IP, then it moved to VPN group, then it has new policy.
Since Cisco VPN blocking all inbound connection I can't do more than this.

Future plans are enforce strict NAC policy, since I able to identify client by IP and run different set of checks.

RE: RSD 2.0 and Cisco VPN Client

We do use 2 factor authentication. We require a group logon/password within the client as well as AD creds. The problem that I have run into is there are some people that have the vpn installer with built-in group logon/pass so they install the client on their home pc's that are not managed by me. I need to know when these clowns connect so I can remove their access...
Level 7
Report Inappropriate Content
Message 4 of 5

RE: RSD 2.0 and Cisco VPN Client

Have same problem - going to use machine certificates when marking private key unexportable (please use for CA key size of 2048 - VPN 3000 limitation).
So if VPN concentrator will be not able to identify certificate + group password + AD account user will be not able to access.

and first who I will catch with trying to use his personal PC will go to HR :mad::p

RE: RSD 2.0 and Cisco VPN Client

The folllowing may be of use for those of us with clients coming in over VPN - it prevents ePO from using the MAC of the virtual interface for matching
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community