04-25-2020 10:26 PM
Hello All!
I just purchased two Firepower 2110s and I just set up basic AAA Remote Access. I've actually been getting the run-around with Cisco on trying to figure out how to configure AnyConnect to authenticate with a Machine Certificate instead.
Is anyone aware if this is possible?
If so, can anyone help out?
If not, why can't I and what can I do to do this?
04-26-2020 03:41 AM
Hi,
You can choose client certificate only as the authentication method under the Remote Access VPN configuration to achieve this.
Are you currently using a PKI server in your environment? One of the limitations is that Firepower itself cannot be a CA server.
For limitations:
For configuration:
04-26-2020 12:58 PM
Yes, we will be creating certs ourselves from a server we manage.
As far as the "Client Certificate" goes, is that client as in user, or just client as in an endpoint device? That would suck if it doesn't support Computer Certificates.
If it doesn't support Computer Certs, would adding the ASA package resolve this?