Authenticating to Pix with Certificate

stuart.jones · ‎10-19-2009

Hi,

Is it possible to authenticate to the Pix using a cert?

My customer want additional protection above the configured source IPs (which can be spoofed) for its FW admins

Thanks

Stu

Herbert Baerten · ‎10-20-2009

I assume you mean for ASDM access (if not, please clarify the question).

This can be done as of version 8.0(3) with the following command:

ssl certificate-authentication interface

Note that if you have webvpn enabled on this interface, and if both ASDM and Webvpn are running on port 443 (the default) then this will also enable certificate authentication for Webvpn users connecting to this interface.

In the most common scenario, ASDM is accessed on the inside and webvpn on the outside so this is not a problem, but if it is then you can run ASDM on a different port, e.g.:

http server enable 4433

ssl certificate-authentication interface port 4433

Herbert Baerten · ‎10-20-2009

And actually in 7.x you can do the same with:

http authentication-certificate

stuart.jones · ‎10-20-2009

Hi,

Sorry should of given a bit more info.

I was referring to PDM access on a Pix most of which are running ver 6x

Thanks

Herbert Baerten · ‎10-20-2009

As far as I know it is not possible on Pix 6.x, sorry.

stuart.jones · ‎10-20-2009

Ah OK, thanks for the response, much appreciated.

Kind Regards