Remote Access VPN – How to Connect Company Provided Laptop Only

cisco-anyconnect cisco-asa vpn

I have a request from the business: they need a feature that allows users to connect to the remote access VPN only if they are using a company-provided laptop, and restricts them if they use their personal laptop.

Any suggestions on how I can achieve this?

Best Answer

If your network is based on Microsoft Active Directory, you can configure the system to only allow computers that are joined to the domain to access the corporate network. Since the employee won't have the domain administrator credentials necessary to join his/her personal laptop to the domain, this will prohibit the personal machine from connecting to the network via the VPN. Since you mention Cisco AnyConnect, this can be configured to authenticate the VPN connections via Active Directory; however, the exact steps vary depending on the version and type of VPN gateway, as well as the version of Windows Server in use.

Another step would be to implement MAC-based filtering, to only allow certain MAC addresses access, although this would involve recording the MAC addresses of every device that needs access (and should not be the only method of access control, as MAC addresses are not difficult to spoof).
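The two checks from the answer above, combined into one admission decision, as an added example that is not part of the original answer and is not Cisco or Microsoft code. The report layout, the `admit` and `normalize_mac` names, the inventory entries and the domain name are all constructed assumptions.

```python
import re

# Constructed asset inventory: MACs as recorded by IT, in mixed vendor formats.
INVENTORY = ["00:1A:2B:3C:4D:5E", "001a.2b3c.4d5f", "00-1A-2B-3C-4D-60"]
CORP_DOMAIN = "corp.example.com"  # assumed Active Directory domain name


def normalize_mac(mac):
    """Return 12 lowercase hex digits, or None if the value is not a valid MAC."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


ALLOWED = {normalize_mac(m) for m in INVENTORY}


def admit(report):
    """Decide admission from a posture report (hypothetical dict layout).

    Both checks must pass. A MAC match alone is never sufficient, because
    the client reports its own MAC and the value can be changed.
    """
    mac = normalize_mac(report.get("mac", ""))
    mac_ok = mac is not None and mac in ALLOWED
    # "domain" is assumed to be the membership the gateway confirmed via AD.
    domain_ok = report.get("domain", "").lower() == CORP_DOMAIN
    if mac_ok and domain_ok:
        return "allow"
    if mac_ok:
        return "deny: known MAC but not domain-joined (possible cloned MAC)"
    if domain_ok:
        return "deny: domain-joined but MAC missing from inventory"
    return "deny: unmanaged device"


if __name__ == "__main__":
    # Constructed sample reports.
    samples = [
        {"user": "alice", "mac": "00-1a-2b-3c-4d-5e", "domain": "CORP.example.com"},
        {"user": "bob", "mac": "001A.2B3C.4D5F", "domain": "WORKGROUP"},
        {"user": "carol", "mac": "aa:bb:cc:dd:ee:ff", "domain": "corp.example.com"},
    ]
    for s in samples:
        print(s["user"], "->", admit(s))
```

The "known MAC but not domain-joined" result is worth logging separately, since it is what a copied inventory MAC on a personal machine would look like.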
