can VPN3k SSLVPN authenticate user using both radius and cert?

Unanswered Question
Dec 20th, 2005
User Badges:

The customer is planning to use SSLVPN client on the VPN3k.

The requirement is:

VPN3k will prompt user for username/password for radius authentication. If verification is successful, cisco will download it's ssl client and installs it into the user's pc.

They also want VPN3k to check whether the user has a certificate installed in his/her PC. If yes, then proceed to download the client. If no, then cisco will log the user out.

Can this be done?

Thanks in advance!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
vkapoor5 Mon, 12/26/2005 - 10:39
User Badges:
  • Bronze, 100 points or more

My understanding on SSLVPN is as follows.

The main purpose of SSLVPN is to have access to the protected resource from "anywhere". By 'anywhere' I mean from any machines from Internet Kiosks, from your friend's home computer etc. So, the users will not have their certificates installed on these machines. The authentication will based only on the RADIUS authentication.

SSLVPN does not expect the clinet to authenticate. Only the server authenticates like in Internet transactions. But I also remember that the SSL protocol has an option to authenticate the client certificate.


This Discussion