Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1121
Views
0
Helpful
5
Replies

ASA/AnyConnect: IPSec VPN - authentication only with certificates

Go to solution
danielscharf
Level 1
Level 1

‎04-29-2011 03:30 AM - edited ‎03-11-2019 01:27 PM

Hi,

is there any possibility to authenticate ipsec vpn only with certificates (like cisco concentrator 3000). It seems to me that cisco asa extract information from certificate and check against an user-database (local, radius and so on)

thank you

kind regards

daniel

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to danielscharf

‎05-03-2011 03:32 AM

Daniel,

A colleague of mine was doing a similar test. Apparently setting webvpn attributes "authentication" to certificate applies also to IKEv2 (as strange as it sounds). I cannot confirm it based on my own exprience but that it looks like it was working correctly.

Regarding IKEv1 authentication settings they are here.

Marcin

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎05-01-2011 03:14 AM

Daniel,

If you're talking about pure IKE:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/i3.html#wp1881490 set this to "none"

For webvpn:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1665163 set this to "certificate" only.

Orrrrrr are you using IKEv2 on anyconnect?

Marcin

0 Helpful

Go to solution
danielscharf
Level 1
Level 1
In response to Marcin Latosiewicz

‎05-02-2011 11:19 PM

Hi Marcin,

I would like to use IKEv2 with cisco AnyConnect...

Thank you for the links - I will study that.

Kind regards

Daniel

0 Helpful

Go to solution
danielscharf
Level 1
Level 1
In response to Marcin Latosiewicz

‎05-03-2011 02:38 AM

Hi Marcin,

the first document is very helpul but do you know where the option 'ikev1 user-authentication' (CLI) can be configured also over ASDM ??? In my opinion that should be possible at connection profile configuration but theres is no option...

thank you

kind regards

daniel

0 Helpful

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to danielscharf

‎05-03-2011 03:32 AM

Daniel,

A colleague of mine was doing a similar test. Apparently setting webvpn attributes "authentication" to certificate applies also to IKEv2 (as strange as it sounds). I cannot confirm it based on my own exprience but that it looks like it was working correctly.

Regarding IKEv1 authentication settings they are here.

Marcin

0 Helpful

Go to solution
danielscharf
Level 1
Level 1
In response to Marcin Latosiewicz

‎05-03-2011 11:49 PM

Hi Marcin,

thank you a lot, that helps me!

Kind regards

Daniel

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card