
Anyconnect VPN Machine only authentication

I have been asked if it is possible to configure an AnyConnect profile that supports machine-only authentication. My customer has domain machine certs currently in use for dot1x on the LAN. They would like to extend this to VPN as well.

They are not looking for dual auth, simply if the machine cert exists, allow the VPN to establish.

They are running an ASA 5515x with 9.1 or 9.2 (not sure if the slight rev. difference is critical).

Thanks for any assistance

 

Mike

1 REPLY

  1. Yes, you can use the machine cert for AnyConnect authentication on the ASA. It just needs the cert to be available in the machine store.
  2. Please check the link below for cert authentication.

https://supportforums.cisco.com/blog/152941/anyconnect-certificate-based-authentication

  3. In the AnyConnect profile, use the machine cert store:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/ac13vpnxmlref.html#28569
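
A client profile fragment for the machine-store setting mentioned in the reply, as an added example that is not part of the original thread or Cisco's own sample. The host name, display name and issuing CA name are constructed placeholders; the `CertificateMatch` block is an optional addition that narrows which machine certificate the client will offer.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: AnyConnect client profile using the machine certificate store. -->
<!-- vpn.example.com and "Example Issuing CA" are placeholders, not values from the thread. -->
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
  <ClientInitialization>
    <!-- Search only the Windows machine store (other values: All, User). -->
    <CertificateStore>Machine</CertificateStore>
    <!-- Let the client read the machine store when the logged-on user
         has no administrative rights on the endpoint. -->
    <CertificateStoreOverride>true</CertificateStoreOverride>

    <!-- Optional: only offer a certificate that is valid for client
         authentication and was issued by the expected internal CA. -->
    <CertificateMatch>
      <KeyUsage>
        <MatchKey>Digital_Signature</MatchKey>
      </KeyUsage>
      <ExtendedKeyUsage>
        <ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
      </ExtendedKeyUsage>
      <DistinguishedName>
        <DistinguishedNameDefinition Operator="Equal" Wildcard="Disabled" MatchCase="Disabled">
          <Name>ISSUER-CN</Name>
          <Pattern>Example Issuing CA</Pattern>
        </DistinguishedNameDefinition>
      </DistinguishedName>
    </CertificateMatch>
  </ClientInitialization>

  <ServerList>
    <HostEntry>
      <HostName>Corporate VPN (machine cert)</HostName>
      <HostAddress>vpn.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
```

The profile only controls which certificate the client presents; the connection profile on the ASA still has to be set to certificate authentication and trust the issuing CA, as covered in the first link.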