Two factor remote access VPN
cisco_trooper
in CCNP
I'm working on trying to utilize user certificates as a means to make our remote access VPNs more secure. The trouble I am having is in finding a way to tell the ASA to use the user certificates as part of the authentication process. Currently I have remote access VPN tunnels set up with pre-shared keys. Each user authenticates via a domain account through RADIUS. Rather than using just Group Authentication, I want to use Mutual Authentication so the user has to have a valid certificate issued through my Microsoft CA. My ASA has been authenticated with the Microsoft CA.
I guess the question is, how do I configure the remote access tunnel to use the user certificate as well?
I'm not finding any good examples OR documentation on this. I'm to the point now that I have spent so much time looking at it that I just keep looking at the same things over and over again. I think I have tunnel vision.
Can someone PLEASE point me in the right direction...??
Comments
ccie_in_the_making
Not familiar with it for RA VPNs; I usually use certs for site-to-site tunnels. I can't imagine it would be too difficult though. Check out the links below.
http://www.cisco.com/en/US/partner/products/ps6120/prod_configuration_examples_list.html
http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_example09186a0080930f21.shtml