Configuring access with Certificate or AAA on ASA5520

ionalonso
Level 1

Hi there!

I'm trying to configure a Cisco ASA 5520 to authenticate SSL VPN users via either certificate or local AAA, i.e., normally the user will connect with a certificate, but from time to time users may forget their card at work, and I would like to offer them an alternative way of logging in via user and password.

When I try to configure this:

I go to Remote Access VPN > Clientless SSL VPN Access > Connection Profiles > Basic.

The device gives 3 authentication methods: AAA, certificate and both.

The question is: Is there any way of configuring certificate as the main authentication method and AAA as a backup method?

Thank you in advance

1 Reply

Ivan Martinon
Level 7

This will be possible in the future; currently the following bug will be affecting you:

CSCef16611

WebVPN configured for both AAA and Certificate Auth only does certs

Symptom:
If WebVPN authentication is configured for both AAA and certificates in the tunnel-group, only certificate authentication takes place.

Conditions:
WebVPN authentication is configured for both AAA and certificates.

Workaround:
None available. Currently WebVPN authentication is by AAA or Certificates, and not both simultaneously.

It will always take CERT if both are configured.