585 Views · 0 Helpful · 2 Replies

AnyConnect Machine Cert Authentication

Hello All!

I just purchased two FirePower 2110's and I just set up basic AAA Remote Access. I've actually been getting the run-around with Cisco on trying to figure out how to configure AnyConnect to authenticate with a Machine Certificate instead.

Is anyone aware if this is possible?

If so, can anyone help out?

If not, why can't I and what can I do to do this?

2 Replies

Muhammad Awais Khan
Cisco Employee

Hi,

You can choose the authentication method as Client Certificate Only to achieve this under the Remote Access VPN configuration.

Are you currently using a PKI server in your environment? One of the limitations is that Firepower itself cannot be a CA server.

For limitations:

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/firepower_threat_defense_certificate_based_authentication.html#id_41510

For configuration:

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/firepower_threat_defense_remote_access_vpns.html

Yes, we will be creating certs ourselves from a server we manage.

As far as the "Client Certificate" goes, is that client as in User, or just client as in an endpoint device? That would suck if it doesn't support Computer Certificates.

If it doesn't support Computer Certs, would adding the ASA package resolve this?
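On the question of user versus computer certificate: the FTD side only sees "a client certificate", and it is the AnyConnect VPN client profile on the endpoint that decides which certificate store is searched. The fragment below is an added example, not from this thread or from Cisco's documentation; it assumes the standard AnyConnect VPN profile element names, and the host name and the OU pattern are constructed placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: AnyConnect VPN profile that restricts certificate
     selection to the Windows Local Computer (machine) store.
     Host name and OU pattern are constructed placeholders. -->
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
  <ClientInitialization>
    <!-- Start Before Logon brings the tunnel up with the machine
         certificate before any user has signed in to Windows. -->
    <UseStartBeforeLogon UserControllable="false">true</UseStartBeforeLogon>
    <AutomaticCertSelection UserControllable="false">true</AutomaticCertSelection>
    <!-- Machine = Local Computer store only; User = current user store;
         All = both. CertificateStoreOverride allows a non-admin user's
         session to read the machine store. -->
    <CertificateStore>Machine</CertificateStore>
    <CertificateStoreOverride>true</CertificateStoreOverride>
    <CertificateMatch>
      <!-- Only consider certificates issued for TLS client authentication -->
      <ExtendedKeyUsage>
        <ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
      </ExtendedKeyUsage>
      <!-- Constructed placeholder: match only certs your internal CA issues
           to domain computers, so any user cert present in the machine
           store is skipped -->
      <DistinguishedName>
        <DistinguishedNameDefinition Operator="Equal">
          <Name>OU</Name>
          <Pattern>Domain Computers</Pattern>
        </DistinguishedNameDefinition>
      </DistinguishedName>
    </CertificateMatch>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>vpn.example.com</HostName>       <!-- placeholder -->
      <HostAddress>vpn.example.com</HostAddress> <!-- placeholder -->
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
```

The profile is pushed to the client by the headend (the Group Policy on the FTD Remote Access VPN), so pair it with the "Client Certificate Only" method from the reply above and verify on an endpoint that the certificate selected is the one from the Local Computer store.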