01-17-2004 10:46 PM
I have a Cisco 3005, running software version 4.0.1. I have got the following authentication settings working:
1. PKI certificate authentication within the concentrator; no password
2. PKI certificate authentication within the concentrator + password authentication via RADIUS
I am trying to get the following configuration working:
- Authenticating users using PKI via RADIUS server. That is, rather than verifying the certificate in the concentrator, we want to pass the user's certificate to a RADIUS server for authentication. No password involved.
I guess this would require RADIUS/EAP. From the documentation, I know RADIUS/EAP works with PPTP and L2TP tunnels. Does it also work with IPSec tunnels?
Jin
01-21-2004 06:37 AM
I'm not too sure about this but I don't remember coming across a setup with RADIUS/EAP being used with IPSec tunnels. I guess this is not possible.
03-11-2004 05:41 AM
You should use the MS native VPN client to support an L2TP/IPsec tunnel where the IPsec session is between the user client and the concentrator and the L2TP session is between the user's machine and the ACS.
Basically you should enable EAP proxy on the concentrator to forward EAP packets to the ACS server. On the ACS you should select EAP-TLS in the authentication setting and of course enroll a certificate for it.
Regards.
Yossi