AAA for VPN clients on ASA against Windows IAS using Windows PKI & CA

Unanswered Question
Oct 9th, 2007

Hello,

We're trying to set up ASA 5520 as a VPN gateway for remote users.

ASA is set up as a RADIUS client of Windows Server 2003 IAS service and is connected to Windows CA using the SCEP plugin.

We want to authenticate users with their users' certificates which are generated with Windows Server 2003 Certificate Services and deployed through Active Directory.

We didn't figure out from the documentation yet how to set the ASA to mediate the communication between VPN clients and IAS (RADIUS).

This should be possible from our understanding but we can't find any useful information in books or Cisco online documentation. There is one tutorial for v7 here http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008073b12b.shtml but it's not accurate for v8 which we are using and does not cover the whole topic at all.

Please confirm our assumption that VPN clients can use Windows certificates to open the communication with ASA, ASA then passes the user certificate or its hash or any unique credentials to RADIUS running on Windows IAS and if the credentials are valid (certificate is not revoked) then it will tell ASA to allow the VPN access.

And if this is really possible then please navigate us to the up-to-date documentation.

Thank you very much.
