Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1134
Views
0
Helpful
4
Replies

Clientless and anyconnect vpn with certificate at asa 5505

teymur azimov
Level 1
Level 1

‎04-08-2012 11:53 PM - edited ‎02-21-2020 06:00 PM

hi dears. i configurated clientless remote-access vpn at asa 5505. authentication with tacacs and certificate server. all of them ar ok and working.

now i want to configurate cisco anyconnect vpn at same asa. and anyconnect vpn also authenticate tacacs ans certificate server.

is it possibly i configurate the anyconnect vpn at sama asa? is there occurs any problems with certificate process? my certificate server is the same

so the root certificate is same and asa also same asa so can i need the do the second certificate process with anyconnect vpn??

please ask my questions.

Labels:
0 Helpful
4 Replies 4

david.g.white
Level 1
Level 1

‎04-09-2012 03:53 AM

The basic question to ask / answer is:- what are you intending to use the different VPN connection types for ?

Conventionally you would use

1- clientless VPN to give none business devices access to a restricted set of resources

And

2- AnyConnect to give business laptops remote access to a larger set of LAN resources.

What is your plan

Sent from Cisco Technical Support iPad App

0 Helpful

teymur azimov
Level 1
Level 1
In response to david.g.white

‎04-09-2012 04:38 AM

my boss want to use anyconnect vpn so i must be configurated.

please answer my questions.

is it possibly i configurate the anyconnect vpn at sama asa? is there occurs any problems with certificate process? my certificate server is the same

so the root certificate is same and asa also same asa so can i need the do the second certificate process with anyconnect vpn??

please ask my questions.

thanks David

0 Helpful

david.g.white
Level 1
Level 1
In response to teymur azimov

‎04-13-2012 12:55 PM

The situation is unclear.

Yes you can use the same certificate, but you may not want to from a security point of view.

If you have used a public certificate issued by an Internet service such as verisign, then anybody with a verisign certificate and the anyconnect client could connect to your gateway.

In many situations this would not be acceptable and the anyconnect profile would not use a public cert?

it depends on your security stance?

Sent from Cisco Technical Support iPad App

0 Helpful

vabruno
Level 1
Level 1
In response to teymur azimov

‎04-15-2012 04:22 PM

To answer your question, yes you can enable both Anyconnect clientless and Anyconnect client using the same certificate.

Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents