Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
932
Views
4
Helpful
1
Replies

Certificate only authentication method with AnyConnect.

andyhibbert
Level 1
Level 1

‎07-08-2011 06:36 AM - edited ‎02-21-2020 05:26 PM

Has anyone got any instructions to configure an ASA to allow authentication by certificate only on an AnyConnect vpn?

I'm running an ASA 5505 with 8.4(1) and AnyConnect 2.4.7030 on an Android phone.

I currently have the AnyConnect client connecting ok using username / password for authentication.

I have loaded the company root certificate (internally generated) into the ASA "CA Certificates" and generated an Identity Certificate for the ASA.

What do I do next?

Thanks

Andy

Labels:
0 Helpful
1 Reply 1

Nicolas Fournier
Cisco Employee
Cisco Employee

‎07-10-2011 10:27 AM

Hi Andy,

You just need to configure the following on your Anyconnect tunnel-group:

asa5505-23(config)# tunnel-group test webvpn-attributes

asa5505-23(config-tunnel-webvpn)# authentication certificate

Once this is done, import your CA certificate as a trustpoint on your ASA. Users with a cert generated by this CA imported on their phone should be able to connect without username and password.

Regards,

Nicolas

PS: If you add aaa at the end of the authentication command, users will need both a certificate and a valid user/pass to connect.

Customers Also Viewed These Support Documents