Solved: AnyConnect+ACS+Client Cert authentication

KevinYounil1 · ‎12-29-2017

Hello,

I have set up an SSL AnyConnect on ASA and using ACS for authentication. I am wondering if it is possible to use ACS for Machine authentication using certificates before user authentication. Any document or help would be highly appreciated.

Thanks,

Kevin

Bogdan Nita · ‎12-29-2017

A SSL VPN connection will terminate the certificate authentication on the ASA. The ACS can not authenticate based on certificate, because the certificate will not be sent to the ACS.

Secondary certificate authentication can be set up on the ASA:

http://www.labminutes.com/sec0127_ssl_vpn_anyconnect_client_certificate_double_authentication_1

View solution in original post

Bogdan Nita · ‎12-29-2017

A SSL VPN connection will terminate the certificate authentication on the ASA. The ACS can not authenticate based on certificate, because the certificate will not be sent to the ACS.

Secondary certificate authentication can be set up on the ASA:

http://www.labminutes.com/sec0127_ssl_vpn_anyconnect_client_certificate_double_authentication_1

KevinYounil1 · ‎12-29-2017

Thank you Bogdan for the provided link, In this video user certificate is being test and ASA does this test. What I am looking for is to find a way to do Computer authentication(certificate) with ACS.

Thanks again

KevinYounil1 · ‎12-29-2017

Sorry, I just realized that ASA can not send certificate to ACS. Have you got any resource about using computer certificate instead of user certificate in this scenario?