Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
178
Views
0
Helpful
3
Replies

Anyconnect VPN will server certificate and AD authentication

S891
Level 2
Level 2

‎08-09-2015 12:42 PM - edited ‎02-21-2020 08:23 PM

I am trying to look for configuration for ASA Anyconnect VPN. I will be using a  VPN server certificate and also configuring AD authentication.

What I mostly see is Certificate authentication is used as part of dual authentication. Can anyone point me to the correct guide/configuration?

Labels:
0 Helpful
3 Replies 3

Karsten Iwen
VIP
VIP

‎08-09-2015 01:33 PM

The ASA is always authenticated with the server-certificate of the ASA.

Do I understand you right that you want to authenticate the user just by username/password against the AD?

Then in the connection-profile (tunnel-group in CLI) you only have to choose "AAA" and point to an aaa-server-group that uses the AD. For that you have the choice to use RADIUS against the Windows NPS or to use LDAP. RADIUS with NPS will give you some more flexibility.

0 Helpful

S891
Level 2
Level 2
In response to Karsten Iwen

‎08-09-2015 01:56 PM

Yes, I only need AD authentication to be performed. I am looking for step-by-step config guide. 

0 Helpful

Karsten Iwen
VIP
VIP
In response to S891

‎08-09-2015 02:21 PM

Perhaps this document can help you:

https://supportforums.cisco.com/document/57886/asavpnwithnpsdocx

0 Helpful
Customers Also Viewed These Support Documents