10-19-2009 09:21 PM
Hi,
Is it possible to authenticate to the Pix using a cert?
My customer wants additional protection above the configured source IPs (which can be spoofed) for its FW admins.
Thanks
Stu
10-20-2009 02:51 AM
I assume you mean for ASDM access (if not, please clarify the question).
This can be done as of version 8.0(3) with the following command:
ssl certificate-authentication interface
Note that if you have webvpn enabled on this interface, and if both ASDM and Webvpn are running on port 443 (the default) then this will also enable certificate authentication for Webvpn users connecting to this interface.
In the most common scenario, ASDM is accessed on the inside and webvpn on the outside so this is not a problem, but if it is then you can run ASDM on a different port, e.g.:
http server enable 4433
ssl certificate-authentication interface
10-20-2009 02:58 AM
And actually in 7.x you can do the same with:
http authentication-certificate
10-20-2009 09:55 AM
Hi,
Sorry, should have given a bit more info.
I was referring to PDM access on a Pix, most of which are running ver 6x.
Thanks
10-20-2009 12:50 PM
As far as I know it is not possible on Pix 6.x, sorry.
10-20-2009 01:01 PM
Ah OK, thanks for the response, much appreciated.
Kind Regards