11-28-2018 10:54 PM
Hi all,
I have a Cisco ASA as the VPN gateway and am using certificate-only authentication because I am using smart cards. I also have Cisco ISE, which has to do AAA for the VPN users, but I do not want users to have to enter a username and password; they should use only the smart card to authenticate and log in for VPN access.
Is there any possible way to do that?
Thanks
11-29-2018 08:05 AM
Here is one of the old documents that should help you work it out.
Good thread for reference:
11-29-2018 11:10 AM
Interesting. I believe you can achieve this by using ISE (RADIUS) for authorization only. Authentication will still happen via certificate, but authorization will pick the username from the cert and send it to ISE. There you can use user/AD-based policies to provide authorization permissions to the user (VPN filter etc.). You would have to add ISE as an authorization server as seen below:
I have not personally tried this exact scenario, but see no reason why this would not work.
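For readers, an added ASA CLI sketch of the setup described in the reply above (certificate authentication on the ASA, ISE used for RADIUS authorization only). It is not part of the original post or from Cisco's documentation; the group names, address pool, server address (a documentation-range IP) and shared secret are placeholders assumed for illustration.

```cisco
! --- Added example: all names, addresses and the key are placeholders ---
! RADIUS server group pointing at ISE, used for authorization only
aaa-server ISE protocol radius
 ! send authorize-only requests (no user password is collected)
 authorize-only
 ! allow ISE to push changes of authorization (CoA) to the ASA
 dynamic-authorization
aaa-server ISE (inside) host 192.0.2.10
 key <shared-secret>
!
tunnel-group VPN-SMARTCARD type remote-access
tunnel-group VPN-SMARTCARD general-attributes
 address-pool VPN-POOL
 ! ISE authorizes the session; it does not authenticate the user
 authorization-server-group ISE
 accounting-server-group ISE
 default-group-policy GP-SMARTCARD
 ! refuse the connection if ISE does not return a successful authorization
 authorization-required
 ! username sent to ISE is taken from the certificate subject CN
 username-from-certificate CN
tunnel-group VPN-SMARTCARD webvpn-attributes
 ! certificate only: no username/password prompt for the user
 authentication certificate
 group-alias VPN-SMARTCARD enable
```

With `authorization-required` set, a user whose certificate validates but whose extracted username gets no successful authorization from ISE is denied, which keeps a valid smart card alone from being sufficient for access.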
12-02-2018 11:32 PM
Hi Rahul,
Thank you, that way is working.