
ASA - WebVPN Client Certificate + AAA Authentication

lmslattery
Level 1

Hi

I am trying to configure WebVPN on an ASA to first authenticate a user's client certificate and then perform AAA authentication using a username/password pair prior to granting WebVPN access.

Can anyone confirm whether this is possible?

So far I have client certificate authentication working; however, access is granted without ever prompting for AAA credentials.

My AAA configuration is working correctly as I can successfully authenticate users for access using AAA if I disable client certificate authentication.

In my webvpn tunnel group I have WebVPN authentication selected for both certificate and AAA.

When I attempt to connect, the user certificate is authenticated successfully; however, the ASA appears to be submitting the CN from the cert to the AAA server for authentication rather than prompting for AAA credentials.

Any suggestions would be greatly appreciated.

Many thanks

Leon

1 Reply

j-block
Level 4

If the WebVPN tunnel-group is set for AAA+Certificate Authentication, the ASA will perform the certificate authentication but skip the follow-on AAA authentication, and allow the session to establish.

Refer to this bug ID: CSCsh67971
