Cisco AnyConnect & PEAP - TLS

Unanswered Question
Jun 23rd, 2010

What we are considering is having the AnyConnect client initially connect to the Cisco ASA, then have the ASA pass the authentication information back to the RADIUS server. This RADIUS server will then decide whether the user is allowed to connect or not based on what certificate, username, and password they provide.

PEAP-TLS allows for the use of certificates, and for usernames and passwords all to be validated in RADIUS. Our question is whether or not the AnyConnect client can provide this authentication information in the PEAP-TLS format or not, and if it can, how do we configure it?

Marcin Latosiewicz Thu, 06/24/2010 - 09:15

AnyConnect authenticates only to ASA/IOS.

Certificate authentication + user authentication is possible.

Certificate authentication is only done locally (on ASA/router or client), while password authentication can be done in the background by ASA going to ACS (usually via RADIUS).

What other questions do you have?

