Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1477
Views
10
Helpful
2
Replies

Configure NAM for EAP-TLS

sqambera
Level 1
Level 1

‎03-29-2018 02:27 PM - edited ‎02-21-2020 10:52 AM

Hello,

I want to configure NAM in Windows for certificate based machine authentication and password based used authentication using EAP-TLS. It seems its mandatory to use user certificate in NAM when we select EAP-TLS. Is there a way that we could enable EAP-TLS with MSCHAP for user authentication instead of certificate?

 

Thanks for the help.

Qamber 

Labels:
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎03-29-2018 02:35 PM

Hi,

Yes you can use EAP-TLS for machine and PEAP/MSCHAPv2 for user authentication. You will need the AnyConnect Profile Editor. Open the Network Access Manager console, create a new profile, select Machine and User Connection and when prompted select EAP-TLS for machine authentication and PEAP (MSCHAPv2 should be automatically checked in the box below). Save the profile and restart AnyConnect, select the new profile and hopefully authentication should work as expected.

 

HTH

 

 

sqambera
Level 1
Level 1
In response to Rob Ingram

‎04-09-2018 09:26 AM

Thank you for replying. So does it mean that MSCHAPV2 for user authentication is not supported in EAP-TLS and we will need to select a different EAP type (PEAP as you mentioned) to do so?

 

Regards,

Qamber

0 Helpful
Customers Also Viewed These Support Documents