
AAA for VPN clients on ASA against Windows IAS using Windows PKI & CA


We're trying to set up an ASA 5520 as a VPN gateway for remote users.

ASA is set up as a RADIUS client of Windows Server 2003 IAS service and is connected to Windows CA using the SCEP plugin.

We want to authenticate users with their user certificates, which are generated with Windows Server 2003 Certificate Services and deployed through Active Directory.

We haven't yet figured out from the documentation how to set the ASA to mediate the communication between VPN clients and IAS (RADIUS).

This should be possible from our understanding, but we can't find any useful information in books or in Cisco online documentation. There is one tutorial for v7 here, but it's not accurate for v8, which we are using, and does not cover the whole topic at all.

Please confirm our assumption that VPN clients can use Windows certificates to open the communication with the ASA, the ASA then passes the user certificate or its hash or any unique credentials to RADIUS running on Windows IAS, and if the credentials are valid (certificate is not revoked) then it will tell the ASA to allow the VPN access.

And if this is really possible, then please direct us to the up-to-date documentation.

Thank you very much.