Configuring access with Certificate or AAA on ASA5520

Unanswered Question
Feb 17th, 2010
User Badges:

Hi there!

I'm trying to configure a Cisco ASA 5520 to authenticate SSL VPN users via either certificate or local AAA, ie, normally the user will connect with a certificate but from time to time, users may forget their card at work and I would like to offer them an alternative way of logging via user and password.

When I try to configure this:

I access to Remote Access VPN > Clientless SSL VPN Access > Connection Profiles > Basic

The device gives 3 authentication methods: AAA, certificate and both

The question is: Is there anyway of configuring certificate as the main authentication method and AAA as a backup method?

Thank you in advance

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Thu, 02/18/2010 - 10:32
User Badges:
  • Cisco Employee,

This will be possible in the future, currently the following bug will be affecting you


WebVPN configured for both AAA and Certificate Auth only does certs

If WebVPN authentication is configured for both AAA and certificates in the tunnel-group, only certificate authentication takes place.

WebVPN authentication is configured for both AAA and certificates.

None availble. Currently WebVPN auhenticaiton is by AAA or Certificates, and not both simultaneously.

It will always take CERT if both are configured.


This Discussion

Related Content