uthayaman
Beginner

Certificate authentication for ASA client VPN

Hi All,

We have terminated our client-based VPN on an ASA firewall. Is it possible to authenticate users with a certificate, with the certificate server being our ASA itself?

Our requirement is that users should use only a company-provided laptop to connect to the VPN. I believe this is possible with certificate authentication. Is there any other way to have this control?

Thanks

-uthay

Accepted Solutions
Nicolas Fournier
Cisco Employee

Hi Uthay,

It is indeed possible to authenticate your VPN client users with certificates, and it will prevent hosts that don't have the certificate installed on their machine from connecting.

Regarding the use of the ASA as a local CA, I would advise you to use it only if you have AnyConnect as the client and not the classical IPsec client.

The ASA local CA was implemented to be used for WebVPN and AnyConnect sessions only, so I would advise you to use an external CA if your client is the IPsec one.

Regards,

Nicolas

3 REPLIES 3

Hi, thanks for the suggestion.

Will try an external CA. Any support links would be helpful.

Thanks

uthay

Hi Uthay,

Here is a document that describes how it can be set up with an MS CA:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml

Regards,

Nicolas
