cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1338
Views
0
Helpful
0
Replies
Eric R. Jones
Participant

configure ASA 5585 9.10 to use pki/cac access on CLI

Hello, we have configured our edge devices with 802.1x and modified the AAA settings to allow access to the CLI using PKI/CAC cards rather than Username/Password. This is done using ISE 2.4 as the AAA server.

The configuration required setting up radius and tacacs+ groups, modifying the aaa authentication and authorization settings to lin clude these new groups and creating a trustpoint.

Creating the trustpoint is done in this manner

 

!#create trustpoint

config t

crypto pki trustpoint "trustpoint name"

enrollment terminal
revocation-check none
authorization username alt-subjectname userprinciplename
exit

crypto pki authenticate "trustpoint-name"

 

"-----BEGIN CERTIFICATE-----

key data~

"-----END CERTIFICATE-----"

 

!#We then regnerate the rsa key

crypto key generate rsa modulus 2048 label "labename" usage-keys

 

!#Now setup ip ssh settings

default ip ssh server authenticate user
ip ssh server algorithm authentication publickey keyboard
ip ssh server algorithm publickey x509v3-ssh-rsa

 

Is there a way to create this int he ASA from CLI or ASDM?

I've been googling around but not much luck in finding out if this can even be done on an ASA.

 

ej

0 REPLIES 0
Content for Community-Ad