03-28-2017 11:36 AM - edited 02-21-2020 09:12 PM
Hello,
I am trying to figure out how to configure Cisco AnyConnect to authenticate any VPN connection with both the username/password and a self-signed certificate.
The reason why I am trying to implement this is because we want to prevent any user who does not have a company-provided device from downloading the AnyConnect application and logging into the network with his personal device.
I am trying to achieve this without buying an SSL certificate from a trusted CA. The goal is to use a self-signed certificate to achieve this.
03-28-2017 12:28 PM
Are you talking about each user having their own self-signed certificate? This would mean you would need to upload the self-signed cert of each user on the ASA. An easier method would be to leverage the CA server capability of the ASA for SSLVPN session and have users enrolled for a certificate from the ASA.
03-28-2017 12:29 PM
Thank you Rahul for your response.
Do you happen to have any resource or material that can help me implement this?
03-28-2017 12:38 PM
I would reference these 2 documents: one for double authentication with AAA and certificate and one for AnyConnect with Local CA.
http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116111-11611-config-double-authen-00.html
www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/200602-Configure-ASA-as-a-Local-CA-Server-and-A.html
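The approach suggested in this thread (the ASA acting as local CA, plus AAA and certificate authentication on the connection profile) looks roughly like this in ASA configuration. This is an added sketch, not part of the original posts or copied from the linked documents; the tunnel-group name, user name, DN and e-mail addresses are placeholder assumptions.

```text
! Constructed example: CORP-VPN, jdoe and the example.com addresses are placeholders.
! Enable the ASA's built-in local CA server.
crypto ca server
 smtp from-address vpn-ca@example.com
 ! "no shutdown" starts the CA and prompts for a passphrase protecting its key.
 no shutdown
!
! Add a user to the local CA database and allow enrollment with a one-time password.
crypto ca server user-db add jdoe dn CN=jdoe,OU=Corp,O=Example email jdoe@example.com
crypto ca server user-db allow jdoe display-otp
!
! Require both AAA credentials and a client certificate on the AnyConnect connection profile.
tunnel-group CORP-VPN webvpn-attributes
 authentication aaa certificate
```

With `authentication aaa certificate`, a correct username and password alone is not enough: the client must also present a certificate the ASA trusts, which is what keeps devices that were never enrolled from connecting.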
03-28-2017 12:40 PM
Thank you. I will try these and update.