https://community.cisco.com/t5/network-access-control/3015-needs-to-authenticate-pcs-before-permiiting-access/m-p/93146#M4699 <P>Can I use a MS certificate server to authenticate PCs going through a 3015 VPN concentrator? The need is to ensure that we only allow approved PCs through the link. Using a shared secret is not enough because an end user that knows the shared secret can load the vpn client on another box and configure to connect.</P><P></P><P>Any help would be greatly appreciated.</P><P></P><P>Thanks.</P> Fri, 21 Feb 2020 18:04:24 GMT rob.wright 2020-02-21T18:04:24Z https://community.cisco.com/t5/network-access-control/3015-needs-to-authenticate-pcs-before-permiiting-access/m-p/93146#M4699 <P>Can I use a MS certificate server to authenticate PCs going through a 3015 VPN concentrator? The need is to ensure that we only allow approved PCs through the link. Using a shared secret is not enough because an end user that knows the shared secret can load the vpn client on another box and configure to connect.</P><P></P><P>Any help would be greatly appreciated.</P><P></P><P>Thanks.</P> Fri, 21 Feb 2020 18:04:24 GMT https://community.cisco.com/t5/network-access-control/3015-needs-to-authenticate-pcs-before-permiiting-access/m-p/93146#M4699 rob.wright 2020-02-21T18:04:24Z https://community.cisco.com/t5/network-access-control/3015-needs-to-authenticate-pcs-before-permiiting-access/m-p/93147#M4700 <HTML><HEAD></HEAD><BODY><P>You can use certificates for authenticaqtion instead of pre-shared keys, if that is what you meant :</P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/public/471/installboth.html" target="_blank">http://www.cisco.com/warp/public/471/installboth.html</A> .</P><P>Regards,</P><P></P></BODY></HTML> Sat, 12 Oct 2002 02:55:19 GMT https://community.cisco.com/t5/network-access-control/3015-needs-to-authenticate-pcs-before-permiiting-access/m-p/93147#M4700 edadios 2002-10-12T02:55:19Z https://community.cisco.com/t5/network-access-control/3015-needs-to-authenticate-pcs-before-permiiting-access/m-p/93148#M4701 <HTML><HEAD></HEAD><BODY><P>Yes you can, but the CA must be a Certificate server in an AD domain. The concentrator does an LDAP lookup to AD. </P></BODY></HTML> Mon, 14 Oct 2002 11:38:38 GMT https://community.cisco.com/t5/network-access-control/3015-needs-to-authenticate-pcs-before-permiiting-access/m-p/93148#M4701 nick.garigliano 2002-10-14T11:38:38Z https://community.cisco.com/t5/network-access-control/3015-needs-to-authenticate-pcs-before-permiiting-access/m-p/93149#M4702 <HTML><HEAD></HEAD><BODY><P>Thanks for the reply. So a standalone Win2000 server running as a CA will not work? This is pretty helpful as we are also ramping up to AD right now, I will have to make sure this is available prior to my implementation.</P><P></P><P>Any documentation on this specific subject? Any links?</P><P></P><P>Thanks Again.</P></BODY></HTML> Thu, 17 Oct 2002 19:12:18 GMT https://community.cisco.com/t5/network-access-control/3015-needs-to-authenticate-pcs-before-permiiting-access/m-p/93149#M4702 rob.wright 2002-10-17T19:12:18Z https://community.cisco.com/t5/network-access-control/3015-needs-to-authenticate-pcs-before-permiiting-access/m-p/93150#M4703 <HTML><HEAD></HEAD><BODY><P>If I remember correctly, it was about a year ago, the concentrator uses LDAP to check the CRL and the only way to get a MS CA to respond to an LDAP lookup is to have the CA on an AD Domain Controller. You also need to enable LDAP on your interface filters.</P></BODY></HTML> Thu, 17 Oct 2002 19:24:49 GMT https://community.cisco.com/t5/network-access-control/3015-needs-to-authenticate-pcs-before-permiiting-access/m-p/93150#M4703 nick.garigliano 2002-10-17T19:24:49Z