Solved: Re: FTD 1010 Base User Authentication Certificate

saids3 · ‎05-19-2023

I have FTD 1010 without center interface basically not connected to management Center interface just locally - I have configured the anyconnect and working perfectly in AAA authentication. I need to switch to certificate authentication without having to enter any password…. If you would help with clear instructions please.

Rob Ingram · ‎05-20-2023

@saids3 thats because you haven't defined the group like I said you needed to.

<ServerList>
<HostEntry>
<HostName>TEST</HostName>
<HostAddress>TEST.TEST.COM</HostAddress>
<UserGroup>HOMEVPN</UserGroup>

View solution in original post

Rob Ingram · ‎05-20-2023

@saids3 there doesn't appear to be a cisco guide for certificate authentication on FDM.

Under the Client Configuration, change the Authentication Type to Client Certificate Only

The user/computer will need a user/machine certificate, which is trusted by the FTD. Go to Objects > Object Types > Certificates to configure the certificates.

saids3 · ‎05-20-2023

Thank you Rob - I will check it and keep you informed

saids3 · ‎05-20-2023

Rob - worked very well - much appreciated - just one more thing I need to disable the pop-up during the connection (Group).

Rob Ingram · ‎05-20-2023

@saids3 create an anyconnect profile that connects to the specified group alias/url, this must be deployed to the users' devices.

Open the Secure Client VPN Editor (separate installation file, download from the cisco site). Go to server list and add an entry. Specify your FQDN and User Group (alias/url). Then save the configuration file to C:\ProgramData\Cisco\Cisco Secure Client\VPN\Profile and restart the client.