
Cisco 3000 PKI authentication via RADIUS

jinyu1
Level 1

I have a Cisco 3005, running software version 4.0.1. I have got the following authentication settings working:

1. PKI certificate authentication within the concentrator; no password

2. PKI certificate authentication within the concentrator + password authentication via RADIUS

I am trying to get the following configuration working:

- Authenticating users using PKI via a RADIUS server. That is, rather than verifying the certificate in the concentrator, we want to pass the user's certificate to a RADIUS server for authentication. No password involved.

I guess this would require RADIUS/EAP. From the documentation, I know RADIUS/EAP works with PPTP and L2TP tunnels. Does it also work with IPSec tunnels?

Jin

2 Replies

drolemc
Level 6

I'm not too sure about this but I don't remember coming across a setup with RADIUS/EAP being used with IPSec tunnels. I guess this is not possible.

Yossi.Mor
Level 1

You should use the MS native VPN client to support an L2TP/IPsec tunnel, where the IPsec session is between the user client and the concentrator and the L2TP session is between the user's machine and the ACS.

Basically you should enable EAP proxy on the concentrator to forward EAP packets to the ACS server. On the ACS you should select EAP-TLS in the authentication setting and of course enroll a certificate for it.

Regards.

Yossi