ACS ASA VPN Multiple Authentication Method

fahadafzal · ‎06-27-2013

Hello there,

I am trying to configure certificate and password based authentication for all users, except for some users who will get authenticated by entering password only. Certificate + Password authentication is working like a charm and AAA Password only authentication is also working fine but they are not working simultaneously.

When I configure certificate + password authentication, then it password only athentication does not work and vise versa.

I want laptop remote access users get authenticated by certificate+password, and mobile users by password only. The reason behind doing it is that it is hard to import and install Internel CA certificate on mobile devices such as iphone, ipads, andriods..

Is it possible to enforce all users to present certificate. In case of failure, it asks username and password. Only mobile users will get access without certificate.

I am running ASA 8.2.5 and ACS 5.2

Please help.

Thanks..

harvisin · ‎07-01-2013

Hello,

May the following link help you out :-

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/eap_pap_phase.html

johnattard · ‎09-18-2013

HI

i am currently working on a similar implementation but finding it hard finding the correct information. Unfortunity i dont have an answer for your question but I was wondering if you could help me out and highlight how you have done this.

Is the certificate and username/password getting authenticated by the ACS for the SSLVPN to succeed?

Thanks