Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
324
Views
0
Helpful
1
Replies

Is strong 2FA with client cert and AD using AnyConnect possible?

jaime.castells
Level 1
Level 1

‎03-17-2015 10:41 AM - edited ‎02-21-2020 08:08 PM

Is it possible to configure AnyConnect to require a client cert that matches the AD username?  Which attribute should be used?  Common name (CN) or something else?  Can anyone point me to the appropriate documentation on setting up this configuration?

 

Thanks in advance!

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎03-18-2015 01:36 AM

Jaime, 

If you want binary comparison of the certificate I  believe it's only possible with EAP methods. 

That being said, you can extract multiple things from certificate to be used a authentication username. 

Have a look at this doc 

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116111-11611-config-double-authen-00.html

It shows a couple of different ways to do this on ASA.

 

On IOS, I'd suggest looking at FlexVPN feature. 

M.

0 Helpful
Customers Also Viewed These Support Documents