
Webvpn with CA and AAA radius server

Di Zhang
Level 1

Hi all,

I am testing on an ASA5510, trying to achieve IPsec remote VPN + certificate authentication + AAA RADIUS username/password authentication, and clientless WebVPN + certificate authentication + AAA RADIUS username/password authentication.

IPsec remote VPN and clientless WebVPN + AAA RADIUS work, but clientless WebVPN + AAA RADIUS + AAA RADIUS doesn't work.

The WebVPN config is as below:

crypto ca trustpoint CA
 enrollment terminal
 subject-name CN=VPN-Test.perlos.com,OU=IT,O=perlos,C=CN,St=GD,L=GZ
 serial-number
 keypair MY.KEY
 crl configure
ssl encryption aes256-sha1 3des-sha1 aes128-sha1 des-sha1 null-sha1 rc4-md5 rc4-sha1
ssl trust-point CA outside
ssl certificate-authentication interface outside port 443
webvpn
 enable outside
 tunnel-group-list enable
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group (outside) vpn
 password-management password-expire-in-days 90
 authorization-required
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 authentication certificate

When we connect to https://outside-ip-address with IE, IE prompts us to choose the certificate; we choose the certificate, click OK, and it disconnects.

The ASDM log is as below:

Teardown TCP connection 2974 for outside:59.37.4.186/41455 to identity:59.37.4.180/443 duration 0:00:00 bytes 2857 TCP Reset-O
SSL session with client outside:59.37.4.186/41455 terminated.
Device completed SSL handshake with client outside:59.37.4.186/41455
Certificate chain was successfully validated with warning, revocation status was not checked.
Certificate was successfully validated. serial number: 27F90AF8000000003B25, subject name: ea=Alan.Fang@perlos.com,cn=Fang Alan,ou=Users,ou=GIM,dc=global,dc=perlos,dc=corp.
Starting SSL handshake with client outside:59.37.4.186/41455 for TLSv1 session.
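
An added triage example (not part of the original post, and not Cisco code): it puts the log lines pasted above into chronological order and reports which stages the session reached before it was torn down. The stage labels and the `triage` function are names made up for this example, and it assumes the lines were pasted newest-first.

```python
import re
# Log lines copied from the post above, in the order they were pasted.
ASDM_LOG = """\
Teardown TCP connection 2974 for outside:59.37.4.186/41455 to identity:59.37.4.180/443 duration 0:00:00 bytes 2857 TCP Reset-O
SSL session with client outside:59.37.4.186/41455 terminated.
Device completed SSL handshake with client outside:59.37.4.186/41455
Certificate chain was successfully validated with warning, revocation status was not checked.
Certificate was successfully validated. serial number: 27F90AF8000000003B25, subject name: ea=Alan.Fang@perlos.com,cn=Fang Alan,ou=Users,ou=GIM,dc=global,dc=perlos,dc=corp.
Starting SSL handshake with client outside:59.37.4.186/41455 for TLSv1 session.
"""

# Stage names are hypothetical labels chosen for this example.
STAGES = [
    ("handshake_start", re.compile(r"Starting SSL handshake with client (\S+) for (\S+) session")),
    ("cert_valid", re.compile(r"Certificate was successfully validated\. serial number: (\w+), subject name: (.+?)\.?$")),
    ("revocation_unchecked", re.compile(r"revocation status was not checked")),
    ("handshake_done", re.compile(r"Device completed SSL handshake with client (\S+)")),
    ("ssl_terminated", re.compile(r"SSL session with client (\S+) terminated")),
    ("tcp_teardown", re.compile(r"Teardown TCP connection \d+ for (\S+) to \S+ duration (\S+) bytes \d+ (.+)$")),
]

def triage(log_text, newest_first=True):
    """Rebuild the session timeline and list what the log does and does not show."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    lines = lines[::-1] if newest_first else lines  # assumption: handshake start was pasted last
    timeline, facts = [], {}
    for ln in lines:
        for name, rx in STAGES:
            m = rx.search(ln)
            if not m:
                continue
            timeline.append(name)
            if name == "handshake_start":
                facts["client"], facts["tls"] = m.groups()
            elif name == "cert_valid":
                facts["serial"], facts["subject"] = m.groups()
            elif name == "tcp_teardown":
                facts["duration"], facts["reason"] = m.group(2), m.group(3)
            break
    findings = []
    if {"cert_valid", "handshake_done"} <= set(timeline):
        findings.append("certificate validated and TLS handshake completed")
    if "revocation_unchecked" in timeline:
        findings.append("client certificate accepted without a revocation check")
    if timeline[-2:] == ["ssl_terminated", "tcp_teardown"] and "handshake_done" in timeline:
        findings.append("session closed right after the handshake (%s, duration %s); no AAA/RADIUS "
                        "message appears in this capture" % (facts["reason"], facts["duration"]))
    return {"timeline": timeline, "facts": facts, "findings": findings}
```

Calling `triage(ASDM_LOG)["findings"]` returns three findings for the capture above: the certificate stage passed, revocation was not checked, and the session was closed immediately after the handshake with no AAA message logged.
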

Di Zhang
Level 1

Does anyone have an idea about this?

Di Zhang,

I have the same problem.

Have you got the answer after a year?