06-23-2011 04:29 AM
Hi All,
We have terminated our client-based VPN on an ASA firewall. Is it possible to authenticate users with a certificate, the certificate server being our ASA itself?
Our requirement is that users should use only a company-provided laptop to connect to the VPN. I believe this is possible with certificate authentication. Is there any other way to have this control?
Thanks
-uthay
06-28-2011 02:11 AM
Hi Uthay,
It is indeed possible to authenticate your VPN client users with certificates, and it will prevent hosts that don't have their certificate installed on their machine from connecting.
Regarding the use of the ASA as a local CA, I would advise you to only use it if you have AnyConnect as the client and not the classical IPsec client.
The ASA local CA was implemented to be used for WebVPN and AnyConnect sessions only, so I would advise you to use an external CA if your client is the IPsec one.
Regards,
Nicolas
07-14-2011 01:16 AM
Hi, thanks for the suggestion.
Will try an external CA. Any support links would be helpful.
Thanks
uthay
07-14-2011 01:19 AM
Hi Uthay,
Here is a document that describes how it can be set up with an MS CA:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml
Regards,
Nicolas