Beginner

ASA/AnyConnect: IPSec VPN - authentication only with certificates

Hi,

Is there any possibility to authenticate IPsec VPN only with certificates (like the Cisco Concentrator 3000)? It seems to me that the Cisco ASA extracts information from the certificate and checks it against a user database (local, RADIUS and so on).

thank you

kind regards

daniel

Cisco Employee

Re: ASA/AnyConnect: IPSec VPN - authentication only with certifi

Daniel,

If you're talking about pure IKE:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/i3.html#wp1881490 set this to "none"

For webvpn:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1665163 set this to "certificate" only.

Orrrrrr are you using IKEv2 on anyconnect?

Marcin

Beginner

Re: ASA/AnyConnect: IPSec VPN - authentication only with certifi

Hi Marcin,

I would like to use IKEv2 with Cisco AnyConnect...

Thank you for the links - I will study that.

Kind regards

Daniel

Beginner

Re: ASA/AnyConnect: IPSec VPN - authentication only with certifi

Hi Marcin,

The first document is very helpful, but do you know where the option 'ikev1 user-authentication' (CLI) can also be configured in ASDM? In my opinion that should be possible in the connection profile configuration, but there is no option...

thank you

kind regards

daniel

Cisco Employee

Re: ASA/AnyConnect: IPSec VPN - authentication only with certifi

Daniel,

A colleague of mine was doing a similar test. Apparently setting webvpn attributes "authentication" to certificate applies also to IKEv2 (as strange as it sounds). I cannot confirm it based on my own experience, but it looks like it was working correctly.

Regarding IKEv1 authentication settings, they are here.

Marcin
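
An added example, not part of the thread and not Cisco code: a small Python check that reads an ASA running-config and reports, per tunnel-group, whether the two settings discussed above (IKEv1 user authentication and the webvpn "authentication" attribute) are certificate-only. The sample config is constructed; the command spelling `isakmp ikev1-user-authentication` for the older CLI and the defaults of `xauth` and `aaa` when a line is absent are assumptions to confirm against your ASA version.

```python
import re

# Constructed sample in ASA running-config style (not taken from the thread).
SAMPLE_CONFIG = """\
tunnel-group CERT-ONLY type remote-access
tunnel-group CERT-ONLY ipsec-attributes
 ikev1 trust-point VPN-CA
 ikev1 user-authentication none
tunnel-group CERT-ONLY webvpn-attributes
 authentication certificate
tunnel-group LEGACY type remote-access
tunnel-group LEGACY ipsec-attributes
 isakmp ikev1-user-authentication xauth
tunnel-group LEGACY webvpn-attributes
 authentication aaa certificate
tunnel-group DEFAULTED type remote-access
"""

HEADER = re.compile(r"^tunnel-group (\S+) (type|ipsec-attributes|webvpn-attributes)\b")
IKEV1 = re.compile(r"^(?:isakmp ikev1-user-authentication|ikev1 user-authentication) (.+)$")
WEBVPN = re.compile(r"^authentication (.+)$")

def audit(config):
    """Return {tunnel-group: findings}; an empty list means certificate-only."""
    groups, name, section = {}, None, None
    for raw in config.splitlines():
        head = HEADER.match(raw)
        if head:
            name, section = head.group(1), head.group(2)
            # Assumed defaults when a line is absent: xauth and aaa.
            groups.setdefault(name, {"ikev1": "xauth", "webvpn": {"aaa"}})
        elif raw.startswith(" ") and name:
            line = raw.strip()
            if section == "ipsec-attributes" and (m := IKEV1.match(line)):
                groups[name]["ikev1"] = m.group(1).split()[-1]  # mode is the last token
            elif section == "webvpn-attributes" and (m := WEBVPN.match(line)):
                groups[name]["webvpn"] = set(m.group(1).split())
        else:
            name = section = None  # left the tunnel-group block
    report = {}
    for grp, s in groups.items():
        findings = []
        if s["ikev1"] != "none":
            findings.append(f"IKEv1 user authentication is '{s['ikev1']}'")
        if s["webvpn"] != {"certificate"}:
            findings.append("webvpn authentication is '" + " ".join(sorted(s["webvpn"])) + "'")
        report[grp] = findings
    return report
```

Calling `audit()` on the text of `show running-config tunnel-group` gives one entry per connection profile; any non-empty list names the setting that still asks for more than a certificate.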

Beginner

Re: ASA/AnyConnect: IPSec VPN - authentication only with certifi

Hi Marcin,

thank you a lot, that helps me!

Kind regards

Daniel