Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3608
Views
0
Helpful
1
Replies

Anyconnect VPN Machine only authentication

MMstre
Level 3
Level 3

‎06-29-2015 07:30 PM - edited ‎02-21-2020 08:19 PM

I have been asked if it is possible to configure an anyconnect profile that supports machine only authentication. My customer has domain machine certs currently in use for dot1x on the LAN. 
They would like to extend this to VPN as well.

They are not looking for dual auth, simply if the machine cert exists, allow the VPN to establish.

They are running an ASA 5515x with 9.1 or 9.2 (not sure if the slight rev. difference is critical).

Thanks for any assistance

 

Mike

Labels:
0 Helpful
1 Reply 1

Deepak Kumar
Level 1
Level 1

‎06-30-2015 12:45 PM

  1. Yes, you can use the machine cert for anyconnect authentication on the ASA. It is just cert is available in machine store.
  2.  Please check the link below for cert authentication.

https://supportforums.cisco.com/blog/152941/anyconnect-certificate-based-authentication

  1. In anyconnect profile use machine cert store:-

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/ac13vpnxmlref.html#28569

0 Helpful
Customers Also Viewed These Support Documents