Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

can VPN3k SSLVPN authenticate user using both radius and cert?

The customer is planning to use SSLVPN client on the VPN3k.

The requirement is:

VPN3k will prompt user for username/password for radius authentication. If verification is successful, cisco will download it's ssl client and installs it into the user's pc.

They also want VPN3k to check whether the user has a certificate installed in his/her PC. If yes, then proceed to download the client. If no, then cisco will log the user out.

Can this be done?

Thanks in advance!


Re: can VPN3k SSLVPN authenticate user using both radius and cer

My understanding on SSLVPN is as follows.

The main purpose of SSLVPN is to have access to the protected resource from "anywhere". By 'anywhere' I mean from any machines from Internet Kiosks, from your friend's home computer etc. So, the users will not have their certificates installed on these machines. The authentication will based only on the RADIUS authentication.

SSLVPN does not expect the clinet to authenticate. Only the server authenticates like in Internet transactions. But I also remember that the SSL protocol has an option to authenticate the client certificate.

CreatePlease to create content