Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2448
Views
0
Helpful
1
Replies

Cisco AnyConnect & PEAP - TLS

townleyp
Level 1
Level 1

‎06-23-2010 08:03 AM - edited ‎02-21-2020 04:42 PM

What we are considering is having the anyconnect client initially connect to the Cisco ASA, then have the ASA pass the authentication  information back to the RADIUS server.  This RADIUS server will then decide whether the user is allowed to connect or not based on what certificate, username, and password they provide.

PEAP - TLS allows for the use of certificates, and for usernames and passwords all to be validated in RADIUS.  Our question is whether or not the AnyConnect client can provide this authentication information in the PEAP-TLS format or not, and if it can, how do we configure it.

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎06-24-2010 09:15 AM

Anyconnect authenticates only to ASA/IOS.

Certificate authentication + user authentication is possible.

Certificate authentication is only done locally (on ASA/router or client), while password authtentication can be done done in the background by ASA going to ACS(usually via radius).

What other questions do you have?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents