
FTD 1010 Base User Authentication Certificate

saids3

I have an FTD 1010 without center interface, basically not connected to the Management Center interface, just locally. I have configured AnyConnect and it is working perfectly with AAA authentication. I need to switch to certificate authentication without having to enter any password. If you would help with clear instructions, please.


@saids3 there doesn't appear to be a Cisco guide for certificate authentication on FDM.

Under the Client Configuration, change the Authentication Type to Client Certificate Only.


The user/computer will need a user/machine certificate, which is trusted by the FTD. Go to Objects > Object Types > Certificates to configure the certificates.

Thank you Rob - I will check it and keep you informed 

Rob - worked very well - much appreciated - just one more thing I need to disable the pop-up during the connection (Group). 

@saids3 create an AnyConnect profile that connects to the specified group alias/url; this must be deployed to the users' devices.

Open the Secure Client VPN Editor (separate installation file, download from the Cisco site). Go to server list and add an entry. Specify your FQDN and User Group (alias/url). Then save the configuration file to C:\ProgramData\Cisco\Cisco Secure Client\VPN\Profile and restart the client.


This is my normal xml but still getting the group - can you have a look?

@saids3 that's because you haven't defined the group like I said you needed to.

<ServerList>
 <HostEntry>
  <HostName>TEST</HostName>
  <HostAddress>TEST.TEST.COM</HostAddress>
  <UserGroup>HOMEVPN</UserGroup>
 </HostEntry>
</ServerList>

Rob - just sharing for everyone - I have added the group. Please see attached photo - working perfectly 
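
An added example, not part of the thread and not Cisco tooling: a pre-deployment check that flags any HostEntry in a client profile lacking a UserGroup, which is the condition that left the group prompt showing above. The sample profiles are constructed, and the `AnyConnectProfile` root element and the function names are assumptions; only the ServerList/HostEntry/HostName/HostAddress/UserGroup elements come from the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample profiles (not the poster's attachment). The root element
# name is an assumption; the child elements are the ones shown in the thread.
PROFILE_WITHOUT_GROUP = """<AnyConnectProfile>
 <ServerList>
  <HostEntry>
   <HostName>TEST</HostName>
   <HostAddress>TEST.TEST.COM</HostAddress>
  </HostEntry>
 </ServerList>
</AnyConnectProfile>"""

PROFILE_WITH_GROUP = PROFILE_WITHOUT_GROUP.replace(
    "</HostAddress>", "</HostAddress>\n   <UserGroup>HOMEVPN</UserGroup>")


def local(tag):
    """Drop an XML namespace prefix such as '{uri}HostEntry' if one is present."""
    return tag.rsplit("}", 1)[-1]


def host_entries_missing_group(profile_xml):
    """Return the names of HostEntry elements with no non-empty UserGroup."""
    root = ET.fromstring(profile_xml)
    missing = []
    for elem in root.iter():
        if local(elem.tag) != "HostEntry":
            continue
        # Map child element name -> trimmed text for this server entry.
        fields = {local(c.tag): (c.text or "").strip() for c in elem}
        if not fields.get("UserGroup"):
            missing.append(fields.get("HostName")
                           or fields.get("HostAddress") or "<unnamed>")
    return missing


if __name__ == "__main__":
    for label, xml_text in (("without group", PROFILE_WITHOUT_GROUP),
                            ("with group", PROFILE_WITH_GROUP)):
        result = host_entries_missing_group(xml_text)
        print(label, "->", result or "every entry sets a UserGroup")
```

Run it against the saved profile text before copying the file into the Profile directory; an empty list means every server entry names its group.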
