AnyConnect SSL VPN

fatalXerror
Level 5

Hi guys,

My VPN is using cert-based authentication, but we just found out that even non-corporate devices can still connect to the VPN by not checking the "Block Untrusted Servers" option in the AnyConnect settings. Is it possible to block those non-corporate devices from connecting to the VPN by using certificates alone?

Is it possible to block those 3rd-party certificates right away?

Thanks

2 Replies

Marvin Rhoads
Hall of Fame

I think you are mixing up the certificate on the server (which is what the check box you mentioned covers) vs. a certificate on the clients.

Certificate-based client authentication requires the actual certificate and private key to be present on the client. While it's possible (in most cases) to copy the client certificate to another device it's much more involved than unchecking a checkbox.

Confirm your authentication type via the command:

     show run tunnel-group

The output should include a subcommand indicating the type of authentication being used.
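An added example, not from the thread or from Cisco: a small Python check that parses `show run tunnel-group` output and lists the remote-access tunnel-groups whose webvpn-attributes do not require a client certificate, which is the gap the original question is about. The sample config is constructed; it assumes the ASA default of `authentication aaa` when no `authentication` subcommand is present under webvpn-attributes.

```python
"""Audit ASA 'show run tunnel-group' output for tunnel-groups that an
AnyConnect client could use without presenting a client certificate."""
import re
from typing import Dict, List, Set

# Constructed sample in the shape of 'show run tunnel-group' output (not real config).
SAMPLE_TUNNEL_GROUP_CONFIG = """\
tunnel-group CORP-VPN type remote-access
tunnel-group CORP-VPN general-attributes
 address-pool VPN-POOL
 default-group-policy CORP-GP
tunnel-group CORP-VPN webvpn-attributes
 authentication certificate
 group-alias corp enable
tunnel-group CONTRACTOR type remote-access
tunnel-group CONTRACTOR general-attributes
 authentication-server-group LDAP
tunnel-group CONTRACTOR webvpn-attributes
 group-alias contractor enable
tunnel-group HYBRID type remote-access
tunnel-group HYBRID webvpn-attributes
 authentication aaa certificate
"""

# tunnel-group <name> <section> [rest]; sections seen: type, general-attributes, webvpn-attributes, ...
HEADER = re.compile(r"^tunnel-group (\S+) (\S+)(.*)$")

def parse_auth_methods(config: str) -> Dict[str, Set[str]]:
    """Map each remote-access tunnel-group to its webvpn authentication methods.
    With no 'authentication' subcommand the ASA default is 'aaa' (assumption stated in lead-in)."""
    methods: Dict[str, Set[str]] = {}
    current = None  # name of the tunnel-group whose webvpn-attributes block we are inside
    for line in config.splitlines():
        line = line.rstrip()
        m = HEADER.match(line)
        if m:
            name, section, rest = m.group(1), m.group(2), m.group(3).strip()
            if section == "type" and rest == "remote-access":
                methods.setdefault(name, {"aaa"})
            if section == "webvpn-attributes":
                # built-in groups such as DefaultWEBVPNGroup have no 'type' line
                methods.setdefault(name, {"aaa"})
            current = name if section == "webvpn-attributes" else None
            continue
        if current is not None and line.startswith(" authentication "):
            methods[current] = set(line.split()[1:])   # e.g. {"aaa", "certificate"}
    return methods

def groups_without_certificate(config: str) -> List[str]:
    """Tunnel-groups whose webvpn authentication never demands a client certificate."""
    return sorted(name for name, m in parse_auth_methods(config).items()
                  if not m & {"certificate", "multiple-certificate"})
```

Run it against a saved copy of the real `show run tunnel-group` output; any name it returns is a tunnel-group that accepts logins without a client certificate and should be reviewed.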

balaji.bandi
Hall of Fame

Yes, this is possible, but it depends on how you configured it. Check the configuration below, which should help you.

https://community.cisco.com/t5/security-blogs/anyconnect-certificate-based-authentication/ba-p/3105546

How is the certificate installed on the devices? Is it a pre-defined certificate that is part of the build?

BB
