user authentication with certificates for remote site vpn
We are planning to authenticate the remote site VPN users using certificates, presently they are authenticating with ADS server. we are planning to use our own certificate server. can any body tell me how to configure this certificate authentication for remote site vpn.
Re: user authentication with certificates for remote site vpn
You need to import the CA certificate into your ASA that signed your client certificate. Then tick the option Configuration > Remote Access VPN > Clientless SSL VPN Access > Connection Profiles 'Require client certificate'. Then in your connection profile choose auth method as AAA as you are not doing cert auth. When you connect to ASA with your IE browser, you should be prompted to choose a client certificate to use for your connection to the ASA. I don't think this works for Firefox as it won't have access to your Windows certificate store. The ASA should look through all its CA trustpoints to find one that matches the CA that signed your client cert, thereby validating your identity. I have only tried this with a Windows user certificate, not a machine certificate.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...