Configuring access with Certificate or AAA on ASA5520

Unanswered Question
Feb 17th, 2010
User Badges:

Hi there!


I'm trying to configure a Cisco ASA 5520 to authenticate SSL VPN users via either certificate or local AAA, ie, normally the user will connect with a certificate but from time to time, users may forget their card at work and I would like to offer them an alternative way of logging via user and password.


When I try to configure this:


I access to Remote Access VPN > Clientless SSL VPN Access > Connection Profiles > Basic

The device gives 3 authentication methods: AAA, certificate and both


The question is: Is there anyway of configuring certificate as the main authentication method and AAA as a backup method?


Thank you in advance

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ivan Martinon Thu, 02/18/2010 - 10:32
User Badges:
  • Cisco Employee,

This will be possible in the future, currently the following bug will be affecting you

CSCef16611


WebVPN configured for both AAA and Certificate Auth only does certs

Symptom:
If WebVPN authentication is configured for both AAA and certificates in the tunnel-group, only certificate authentication takes place.

Conditions:
WebVPN authentication is configured for both AAA and certificates.

Workaround:
None availble. Currently WebVPN auhenticaiton is by AAA or Certificates, and not both simultaneously.


It will always take CERT if both are configured.

Actions

This Discussion

Related Content