Cisco ASA 5515-X Firewall Edition - security appliance smartcard authentication possible?

alex.straub1 · ‎01-07-2015

We're considering purchasing a Cisco ASA 5515-X Firewall Edition - security appliance, but I don't seem to be able to find anywhere in the docs if smartcard authentication is possible with this device. The only thing I did explicitly find is that CLI won't allow smartcard authentication.

Any insight?

Marvin Rhoads · ‎01-07-2015

There are several means by which a Smartcard infrastructure can be integrated with an ASA. The primary and most common one I see is when the Smartcards are used in conjunction with your Active Directory infrastructure and the ASA authentication method includes your AD server(s).

The other method is whereby the Smartcard is a repository for the user certificate and the ASA is setup to use certificate-based authentication. There a somewhat dated (but mostly valid conceptually) guide on doing that here:

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/107237-CAC-Anyconnect.html

alex.straub1 · ‎01-07-2015

Thank you so much for your answer.

I took a look at the document. Does that also apply to the Cisco ASA 5515-X Firewall Edition?

It seems all documents always refer to ASA 5500 series, and I just want to make sure there isn't a special caveat with the 5515

Marvin Rhoads · ‎01-07-2015

You're welcome.

There's no special caveat with that bundle.

You would (as with any ASA used in this context) need to have the free 3DES-AES license activated if you're using SSL VPN.

Please rate helpful answers and mark your question as answered if it has been.