Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2470
Views
6
Helpful
2
Replies

ASA - WebVPN - Authentication with client certificate

cscherb
Level 1
Level 1

‎06-11-2007 04:46 AM - edited ‎02-21-2020 10:18 AM

Has anyone managed to authenticate with certificates to ASA for WebVPN ?

I configured

tunnel-group DefaultWEBVPNGroup webvpn-attributes

authentication certificate

but still getting the error message

Group <DefaultWEBVPNgroup> User <...> IP <...> Authentication:rejected, Session Type: WebVPN

Labels:
0 Helpful
2 Replies 2

cscherb
Level 1
Level 1
In response to j-block

‎06-15-2007 11:17 AM

I was able to use digital certificates with WebVPN using the folowing configuration:

tunnel-group DefaultWEBVPNGroup general-attributes

authorization-server-group LOCAL

authorization-required

authorization-dn-attributes CN

tunnel-group DefaultWEBVPNGroup webvpn-attributes

authentication certificate

In addition to this configuration I had to add alle CN values of certificates which are allowed to establish a WebVPN session to the local database.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents