FTD 6.2.2 AnyConnect and parse username from certificate

hoffa2000
Level 3

Hi all

I'm doing some POC trials migrating an AnyConnect feature from ASA to FTD since Cisco has now released support for that. I'm using dual authentication where a certificate is used for getting the username, which is then used for assigning VPN policy. AAA is performed by RADIUS running as a Windows NPS service. It's working fine on the ASA platform but on FTD there is an issue with usernames containing non-unicode characters. As I operate in the Nordic countries this is a requirement.

The FTD validates the certificate and claims to parse the username properly, but when I view the VPN Troubleshooting on the FMC it lists the name of the user, for example, as Gr??nkvist instead of Grönkvist. The NPS logs then say the received X509 username has the wrong domain name, and when looking closely the domain name has been cut short.

This only occurs when the username has an "international character", otherwise the setup works fine. To me it seems like some parsing script breaks on the FTD.

 

Any thoughts?

 

Regards

Fredrik
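
Both symptoms in the post above are consistent with a UTF-8 name being handled byte by byte. The following is an added example (not part of the original post and not Cisco code) that reproduces them and flags which certificate usernames in a list would be affected; the truncation mechanism, the function names and the sample names are assumptions.

```python
# Added illustration. How FTD parses the certificate username is not
# known from the post; the truncation mechanism below is an assumption.

def ascii_only_view(name: str) -> str:
    """What a byte-oriented, ASCII-only display shows for a UTF-8 name:
    every byte >= 0x80 becomes '?', so one 2-byte character gives '??'."""
    return "".join(chr(b) if b < 0x80 else "?" for b in name.encode("utf-8"))


def char_length_truncation(name: str) -> str:
    """Assumed bug: length is counted in characters but the copy is done
    in bytes, so each extra UTF-8 byte removes one byte from the end."""
    raw = name.encode("utf-8")
    return raw[:len(name)].decode("utf-8", errors="replace")


def audit(usernames):
    """Return (name, extra_bytes, ascii_view, truncated) for every
    username whose UTF-8 encoding is longer than its character count."""
    rows = []
    for name in usernames:
        extra = len(name.encode("utf-8")) - len(name)
        if extra:
            rows.append((name, extra, ascii_only_view(name),
                         char_length_truncation(name)))
    return rows


# Constructed sample usernames (user@domain form, placeholder domain).
SAMPLE = ["Grönkvist@corp.example", "Andersson@corp.example"]

if __name__ == "__main__":
    for name, extra, shown, cut in audit(SAMPLE):
        print(f"{name}: +{extra} byte(s), displayed as {shown}, sent as {cut}")
```

Running `audit` over the subject names exported from the issuing CA gives the set of users to test first once a fix or workaround is available.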

 
