Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Configuring access with Certificate or AAA on ASA5520

Hi there!

I'm trying to configure a Cisco ASA 5520 to authenticate SSL VPN users via either certificate or local AAA, ie, normally the user will connect with a certificate but from time to time, users may forget their card at work and I would like to offer them an alternative way of logging via user and password.

When I try to configure this:

I access to Remote Access VPN > Clientless SSL VPN Access > Connection Profiles > Basic

The device gives 3 authentication methods: AAA, certificate and both

The question is: Is there anyway of configuring certificate as the main authentication method and AAA as a backup method?

Thank you in advance

Everyone's tags (4)
1 REPLY

Re: Configuring access with Certificate or AAA on ASA5520

This will be possible in the future, currently the following bug will be affecting you

CSCef16611

WebVPN configured for both AAA and Certificate Auth only does certs

Symptom:
If WebVPN authentication is configured for both AAA and certificates in the tunnel-group, only certificate authentication takes place.

Conditions:
WebVPN authentication is configured for both AAA and certificates.

Workaround:
None availble. Currently WebVPN auhenticaiton is by AAA or Certificates, and not both simultaneously.

It will always take CERT if both are configured.

983
Views
0
Helpful
1
Replies
CreatePlease to create content