Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
543
Views
0
Helpful
2
Replies

Can I use certificates/PKI to access a Cisco firewall?

Go to solution
hoffa2000
Level 3
Level 3

‎10-21-2011 01:24 AM - edited ‎03-11-2019 02:40 PM

Hello folks

We've been discussing leveraging our PKI structure and firewall authentication and I'd like som input.

We have an internal CA structure built around the Microsoft service where we assign certificates and key chains to users in the domain. These certificates are then used to access different network and IT resources like WLAN and file shares. However the network infrastructure it self is still accessed using account name and password from a Radius server.

This is the best way I know of to secure the access to network devices but how about certificates? Some of our Linux servers authenticate users based on the private/public key used with SSH and I wounder if the same setup could be user with our Cisco equipment?

Regards

Fredrik Hofgren

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Eugene Khabarov
Level 7
Level 7

‎10-23-2011 12:12 AM

Hi! This functionallity was added in 15.0M branch. So now you can use rsa key chain authentication in IOS like on *nix boxes. Here is good article by Ivan Pepelnjak:

http://blog.ioshints.info/2009/10/ssh-rsa-authentication-works-in-ios.html

---

HTH. Please rate this post if it was helpful. If this solves your problem, please mark this post as "Correct Answer."

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Eugene Khabarov
Level 7
Level 7

‎10-23-2011 12:12 AM

Hi! This functionallity was added in 15.0M branch. So now you can use rsa key chain authentication in IOS like on *nix boxes. Here is good article by Ivan Pepelnjak:

http://blog.ioshints.info/2009/10/ssh-rsa-authentication-works-in-ios.html

---

HTH. Please rate this post if it was helpful. If this solves your problem, please mark this post as "Correct Answer."

0 Helpful

Go to solution
hoffa2000
Level 3
Level 3
In response to Eugene Khabarov

‎10-24-2011 01:13 AM

Thank you for the tip, PKI on routers is a good start but still leaves the firewalls. At least it shows that Cisco is on the right track.

Regards

Fredrik

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card