Cisco Support Community

New Member

3015 needs to authenticate PCs before permitting access

Can I use a MS certificate server to authenticate PCs going through a 3015 VPN concentrator? The need is to ensure that we only allow approved PCs through the link. Using a shared secret is not enough because an end user that knows the shared secret can load the VPN client on another box and configure it to connect.

Any help would be greatly appreciated.

Thanks.

4 REPLIES
Cisco Employee

Re: 3015 needs to authenticate PCs before permitting access

You can use certificates for authentication instead of pre-shared keys, if that is what you meant:

http://www.cisco.com/warp/public/471/installboth.html

Regards,

New Member

Re: 3015 needs to authenticate PCs before permitting access

Yes you can, but the CA must be a Certificate server in an AD domain. The concentrator does an LDAP lookup to AD.

New Member

Re: 3015 needs to authenticate PCs before permitting access

Thanks for the reply. So a standalone Win2000 server running as a CA will not work? This is pretty helpful as we are also ramping up to AD right now; I will have to make sure this is available prior to my implementation.

Any documentation on this specific subject? Any links?

Thanks Again.

New Member

Re: 3015 needs to authenticate PCs before permitting access

If I remember correctly, it was about a year ago, the concentrator uses LDAP to check the CRL and the only way to get a MS CA to respond to an LDAP lookup is to have the CA on an AD Domain Controller. You also need to enable LDAP on your interface filters.
