Solved: Re: Anyconnect 802.1x & Machine certificate

khanasim781 · ‎07-30-2018

Hi All

I hope you can help. I've searched for a bit but cannot find what the answer to this one.

Our current office environment is using 802.1x , Win 10 clients with Machine certs and a Windows NAC (PEAP) and all works fine.

We're going to be rolling out Anyconnect v4 with NAM soon and on our test machines wired (802.1x) connectivity works fine but wireless (802.1x) doesnt.

On the AC VPN profile I've looked at setting the Certificate store to "machine" with the "certificate store override" button checked but as this is the VPN profile, does Anyconnect have to be connected to the VPN for this to take affect?

Could you guys think of any other setting on Anyconnect or NAM that i need to change?

Thanks

AK

pcarco · ‎07-30-2018

The setting you mention is intended to assist during Certificate authentication of your vpn sessions.

Certificate Store Override—Allows an administrator to direct AnyConnect to search for certificates in the Windows machine certificate store when the users do not have administrator privileges on their device

Best regards,

Paul

View solution in original post

pcarco · ‎07-30-2018

The setting you mention is intended to assist during Certificate authentication of your vpn sessions.

Certificate Store Override—Allows an administrator to direct AnyConnect to search for certificates in the Windows machine certificate store when the users do not have administrator privileges on their device

Best regards,

Paul

asimk · ‎08-03-2018

Hi Paul

Thanks for the info.

So how do I set NAM to look at the machine certs rather than user for 802.1x authentication?

Thanks

AK

hslai · ‎08-04-2018

Choose Machine Connection in Networks, Network Connection Type Pane