03-29-2018 02:27 PM - edited 02-21-2020 10:52 AM
Hello,
I want to configure NAM in Windows for certificate-based machine authentication and password-based user authentication using EAP-TLS. It seems it's mandatory to use a user certificate in NAM when we select EAP-TLS. Is there a way that we could enable EAP-TLS with MSCHAP for user authentication instead of a certificate?
Thanks for the help.
Qamber
03-29-2018 02:35 PM
Hi,
Yes you can use EAP-TLS for machine and PEAP/MSCHAPv2 for user authentication. You will need the AnyConnect Profile Editor. Open the Network Access Manager console, create a new profile, select Machine and User Connection and when prompted select EAP-TLS for machine authentication and PEAP (MSCHAPv2 should be automatically checked in the box below). Save the profile and restart AnyConnect, select the new profile and hopefully authentication should work as expected.
HTH
04-09-2018 09:26 AM
Thank you for replying. So does it mean that MSCHAPv2 for user authentication is not supported in EAP-TLS and we will need to select a different EAP type (PEAP as you mentioned) to do so?
Regards,
Qamber