04-29-2011 03:30 AM - edited 03-11-2019 01:27 PM
Hi,
Is there any possibility to authenticate IPsec VPN only with certificates (like the Cisco Concentrator 3000)? It seems to me that the Cisco ASA extracts information from the certificate and checks it against a user database (local, RADIUS and so on).
thank you
kind regards
daniel
05-01-2011 03:14 AM
Daniel,
If you're talking about pure IKE:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/i3.html#wp1881490 set this to "none"
For webvpn:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1665163 set this to "certificate" only.
Orrrrrr are you using IKEv2 on anyconnect?
Marcin
05-02-2011 11:19 PM
Hi Marcin,
I would like to use IKEv2 with cisco AnyConnect...
Thank you for the links - I will study that.
Kind regards
Daniel
05-03-2011 02:38 AM
Hi Marcin,
The first document is very helpful, but do you know where the option 'ikev1 user-authentication' (CLI) can also be configured over ASDM? In my opinion that should be possible in the connection profile configuration, but there is no option...
thank you
kind regards
daniel
05-03-2011 03:32 AM
Daniel,
A colleague of mine was doing a similar test. Apparently setting webvpn attributes "authentication" to certificate applies also to IKEv2 (as strange as it sounds). I cannot confirm it based on my own experience, but it looks like it was working correctly.
Regarding IKEv1 authentication settings, they are here.
Marcin
05-03-2011 11:49 PM
Hi Marcin,
thank you a lot, that helps me!
Kind regards
Daniel