I’m new to VPNs, but work have given me a laptop which I can use to connect to their intranet through Cisco AnyConnect.
I would really like to be able to access their intranet on my personal computer, in order to make use of the higher desktop performance and my preferred monitors, keyboard, mouse, etc
There is a myriad of settings looking at the VPN client on the work laptop. Is it technically possible to use said settings to set up a VPN client on my desktop?
For the love of all that is holy and pure, please ask your employer’s IT department before you even attempt this. There could be massive repercussions from connecting a non-company owned device to the internal network.
Secondly, why not get a dock for your workstation or a KVM switch and connect all of your peripherals that way?
As someone who works in infosec, this would be a hard no for me.
Using a personal machine with company software and networks is rarely a good idea unless your are running remote virtual machines like VMware Workstation or Citrix. You also have no idea what other security mechanisms are implemented on your work machine, like Single Sign On or other services. AnyConnect may also require additional software like Antivirus or the network may check the MAC address of your computer to allow access.
Your company may also prohibit non company issued/maintained from accessing their systems in policy, so you may be risking your job.
the chances of this being able to happen are possible but slim. Your IT corporate policy probably has very selective DAP (dynamic access policy) on the ASA that runs the anyconnect transaction. When you attempt to establish a connection into the VPN endpoint (server address), after you submit your login credentials, it asks for certain information and a 2way exchange happens. It asks what OS you are using, it ask what’s the latest KB update you’ve had, it’ll ask if you are using an AV/FW/windows defender, if it’s done any updates in X amount of days. They can fine tune this policy and if your HOST scan fails, you won’t be able to establish a connection. This host scan ensures that there is nothing compromising on your machine that expose’s their network once you log in. My guess is they don’t want you doing it on your home machine but they may make exceptions, or you’ll come to find they only allow something Like crowdstrike and you’re not gonna want to foot the bill for a license to make your home machine host scan compliant. But it doesn’t hurt to ask!
Point taken! That’s fine. In this area, I don’t know what I don’t know, so thank you for clarifying that it could pose a significant risk.
A risk to the company network.
And a bigger risk to your employment, especially if you signed and agreed to certain IT policies that you may have forgotten about.