Cisco Support Community

Can Network Access Manager be used to manage Cisco AnyConnect Secure Mobility VPN connections?

Can Network Access Manager be used to manage Cisco AnyConnect Secure Mobility VPN connections? Here is what we are looking to accomplish:

We are currently tasked with configuring our Laptop VPN clients to utilize Radius with Smart Cards certificate based authentication. Our desired configuration would operate in a similar fashion:

  1.) A laptop user logs onto their Windows system using their Smart Card and is granted access to the laptop desktop icons
  2.) The user initiates a VPN connection using the Cisco AnyConnect VPN client
  3.) The client uses the Authentication Certificate on the Smart Card and compares it to the certificate on the ASA for Authentication
  4.) The certificate is then passed to Radius for user authorization determined by Windows AD Group membership. If the user is a member of a Global Domain Group which is a member of a Universal Group in the domain root, they are granted access via VPN.

The problem we are having is that we are unable to pass the Authentication Certificate to Radius for Authorization. We envisioned using NAM to make that happen. The theory is that we would configure the ASA profile to use the “Certificate Method” for Authentication and NAM profile to pass that certificate to Radius for Authorization.

Is this possible? If so, is there a configuration guide that details the steps?
