Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1946
Views
0
Helpful
5
Replies

Any Connect VPN Security concern Issue.

Go to solution
MOHAMMAD RAZA
Level 1
Level 1

‎11-30-2014 12:05 AM

Hi Guys,

I have Configured Any Connect VPN on Cisco ASA & our  mobility users are able to connect VPN successfully and access my LAN environment But our senior management is saying it's provide less security & any hacker can easily hack it. 

Can anyone help on this, how can provide more security in Anyconnect VPN, i am thinking about host checking features in Anyconnect but i think it  works only with secure desktop.

 

 

 

Regards,

Nafis Ashique  

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP
In response to MOHAMMAD RAZA

‎12-01-2014 12:39 AM

In short, you have only some steps:

  1. enroll the root-certificate of your PKI to the clients and to the ASA (if not already done).
  2. enroll the client-certificates to the clients. It will be most easy if they are in the user-store. As far as I know, you can't use the certs that are stored in the IPsec VPN client store.
  3. reconfigure the ASA to use certificate authentication

A little bit more detailed way is shown in this document.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Karsten Iwen
VIP
VIP

‎11-30-2014 02:34 AM

First you should ask your management, which concerns they have. And if they say it provides less security, to what do they compare it?

Of course it has to be setup correctly. Correctly means crypto-settings on the ASA, AnyConnect-config on the client and so on.

Checking the host is only one part of the security and can also be done. For that, nowadays you don't use the secure desktop any more. There is an individual host-scan package for that. But you need the AnyConnect Premium license or the Apex license on AnyConnect 4 for that.

But first lets clear out what the concerns are.

0 Helpful

Go to solution
MOHAMMAD RAZA
Level 1
Level 1
In response to Karsten Iwen

‎11-30-2014 11:03 PM

Actually they are compare with cisco IPsec client base VPN , which have certificate base authentication and in Anyconnect no have any Certificate base authentication features.

 

Regards,

Nafis

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to MOHAMMAD RAZA

‎11-30-2014 11:33 PM

AnyConnect is even more flexible in authentication then the legacy VPN client. And you can also do certificate-based authentication with AnyConnect.

0 Helpful

Go to solution
MOHAMMAD RAZA
Level 1
Level 1
In response to Karsten Iwen

‎12-01-2014 12:05 AM

on ASA i can use certificate authentication in tunnel  ipsec attributes but how can use certificate at Client end.

 

 

Regards,

Nafis 

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to MOHAMMAD RAZA

‎12-01-2014 12:39 AM

In short, you have only some steps:

  1. enroll the root-certificate of your PKI to the clients and to the ASA (if not already done).
  2. enroll the client-certificates to the clients. It will be most easy if they are in the user-store. As far as I know, you can't use the certs that are stored in the IPsec VPN client store.
  3. reconfigure the ASA to use certificate authentication

A little bit more detailed way is shown in this document.

0 Helpful
Customers Also Viewed These Support Documents