Authentication checking

wngwngwng
Level 1

Hi All,

We are exploring other options to authenticate devices on the VPN.  Currently we only authenticate our users via RSA tokens.  We would like to move to a model where company managed assets would be able to VPN in with a device certificate and if the employee tried with a personal device it would prompt for RSA credentials.  Basically, can we set up a VPN profile to check for a device cert first?  If the cert is not available, then prompt for RSA credentials.

These are ASA 5520s on 8.3(2).

Thanks in advance,

Bill

2 Replies

Herbert Baerten
Cisco Employee

Hi Bill,

Yes, this should be no problem - you can define 2 tunnel-groups (connection profiles in ASDM terminology), then create a certificate map that maps a connection to the tunnel-group with cert auth, and set the other tunnel-group (with RSA) as default.

hth

Herbert

Hi Herbert,

Does this only apply with SSLVPN profiles or can this be done with IPSec profiles as well?

thanks,

Bill
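
A configuration sketch of the layout Herbert describes, added here as an example and not taken from either poster: two tunnel-groups, a certificate map, and a default group. Every name (CORP-CA, RSA-SDI, CORP-DEVICE-CERT, BYOD-RSA, DEVICE-CERT-MAP), the CA common name and the server address are placeholders, and the syntax should be checked against the 8.3(2) command reference before use.

```cisco
! Constructed example. All names, the CA common name and the server
! address below are placeholders, not values from this thread.

! RSA SecurID server group used by the fallback profile
aaa-server RSA-SDI protocol sdi
aaa-server RSA-SDI (inside) host 192.0.2.10

! Profile 1: company-managed devices, authenticated by device certificate
tunnel-group CORP-DEVICE-CERT type remote-access
tunnel-group CORP-DEVICE-CERT ipsec-attributes
 trust-point CORP-CA
tunnel-group CORP-DEVICE-CERT webvpn-attributes
 authentication certificate

! Profile 2: everything else, authenticated with RSA credentials
tunnel-group BYOD-RSA type remote-access
tunnel-group BYOD-RSA general-attributes
 authentication-server-group RSA-SDI
tunnel-group BYOD-RSA webvpn-attributes
 authentication aaa

! Certificate map: match only certificates issued by the corporate CA
crypto ca certificate map DEVICE-CERT-MAP 10
 issuer-name attr cn eq corp-issuing-ca

! Map matching certificates to profile 1 and make profile 2 the default
tunnel-group-map enable rules
tunnel-group-map DEVICE-CERT-MAP 10 CORP-DEVICE-CERT
tunnel-group-map default-group BYOD-RSA

! For SSL VPN connections the same map rule is bound under webvpn
webvpn
 certificate-group-map DEVICE-CERT-MAP 10 CORP-DEVICE-CERT
```

A rule that matches on issuer alone admits any certificate that CA has issued, so the CA should issue only to managed devices, or the map should also match a subject attribute reserved for them.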
