I've setup a test ACS server and have everything functioning correctly including the WLAN. However, is there anyway for EAP-TLS to use ONLY the machine certificate and not the user certificate? We are not currently setup with per-user certificates. I'm guessing not on this... My primary question then is with User Certificates, how do you handle the following scenerio:
I have many CoW's (computer on wheels) through out the hospital that nurses use for inputting patient information. They all have a simple generic username/password (BADDD!!!!) so with this user it won't be hard to have default_user certificate install on the machines. But what if Doctor X decideds to walk up to one of these CoW's and wants to logout and log back in with his user/password on a machine he's never used before. How do we handle making sure he's able to connect if doesn't already have a cert on this computer? I'm quite mistified by this.
This forces it to only use hardware certificates and sets the authentication to do the correct RFC polling.
As for the other issue, MS CA user certs do not "roam". Yet. There is discussion of roaming credentials being in Windows 7, but not entirely what that means. Roaming certificates can be easier with a product like Venafi. There "Encryption Management" tools are certificate management suites. The do have roaming management, or at least did when we talked to them.
Oh, and if you use two CAs (hardware and user), the separation keeps it straight too.
Thank you! I've looked at the authmode/supplicantmode in the past but had not tried it in trying to get user authentication working as well. I appreciate your answer on the roaming profiles, clears quite a bit up. I do have a question though. I've noticed with my laptop with the reg hack and machine authentication only, i seem to authenticate alot? Looking at my ACS server logs it can span between a few minutes to 30 minutes. Doesn't seemed to tied to the EAP timeout period either. Any ideas on this? I ask because I noticed at one point I lost my IP and then it reauthenticated.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...