vpn authentication question

S891
Level 2
Hi,

I have an ASA with two VPNs. I am planning to use a unique public CA certificate for each VPN and then use AD authentication. I am reading documents and am slightly confused by two-level authentication using CA and RADIUS. In my scenario the CA certificate is only to verify that it is a valid site, and the certificate is not used for authentication. I am trying to understand the difference and how it would affect my config when you have two-level authentication using CA and RADIUS versus my approach. Can anyone suggest?

What do I need for AnyConnect VPN for cert-based validation and AD authentication? Do I need IKEv2 or SSL config for AnyConnect?
1 Reply

Puneesh Chhabra
Cisco Employee

If you're not using Certificates for user authentication, it will not be considered as 2 factor.

 

You just need to generate a CSR, get your ID and CA certificates and import them on the ASA. It will help clients validate the ASA URL and will not give you an "untrusted" message when you try to connect.

 

Under the tunnel group, add the RADIUS server as the authentication server group and you should be good to go.

 

Regards,

Puneesh

Please rate helpful posts
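
The steps in the reply above, sketched as an ASA configuration. This is an added example, not part of the original thread and not Cisco's own sample. It assumes an SSL (TLS) AnyConnect connection profile and a RADIUS server that checks credentials against AD; the names `VPN1-KEY`, `VPN1-TP`, `RADIUS-AD` and `VPN1`, the address `192.0.2.10`, the hostname `vpn1.example.com` and the shared secret are constructed placeholders.

```cisco
! Constructed example; all names, addresses and the key are placeholders.
! 1. Key pair and trustpoint used to generate the CSR (manual enrollment)
crypto key generate rsa label VPN1-KEY modulus 2048
crypto ca trustpoint VPN1-TP
 enrollment terminal
 fqdn vpn1.example.com
 subject-name CN=vpn1.example.com
 keypair VPN1-KEY
! Prints the CSR to submit to the public CA
crypto ca enroll VPN1-TP
! 2. Paste the CA certificate, then the issued identity (ID) certificate
crypto ca authenticate VPN1-TP
crypto ca import VPN1-TP certificate
! 3. Present that certificate on the VPN-facing interface so clients
!    can validate the ASA and do not see the "untrusted" prompt
ssl trust-point VPN1-TP outside
! 4. RADIUS server group (assumed to front AD for credential checks)
aaa-server RADIUS-AD protocol radius
aaa-server RADIUS-AD (inside) host 192.0.2.10
 key REPLACE-WITH-SHARED-SECRET
! 5. Tunnel group sends user logins to that server group
tunnel-group VPN1 type remote-access
tunnel-group VPN1 general-attributes
 authentication-server-group RADIUS-AD
tunnel-group VPN1 webvpn-attributes
 ! Server certificate only identifies the ASA; users log in with AAA alone
 authentication aaa
 ! Two-level alternative: additionally require a client certificate
 ! authentication aaa certificate
```

The only line that differs between the two approaches is the `authentication` setting under `webvpn-attributes`; the trustpoint and RADIUS group are needed either way.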