Is it possible to use digital certificates to connect a Cisco VPN Client 4.0 to a VPN 3000, using ACS (RADIUS) for authentication? If yes, could anyone tell me what to configure in ACS?! I looked for this on the net, but I found only the configuration where the VPN 3000 itself is the auth server.
If you only plan to use Authentication (No Authorization) then you don't need to configure anything on the ACS Server. Everything remains the same as with Pre-Shared keys\group Password, and the user will be prompted for username\password (X-AUTH) after certificate verification.
VPN 3000 extracts the group_name from the Certificate "OU" field by default unless you define "Group matching" rules, which give you the option to use other certificate fields for Group assignment.
Another question: the certificate I'm using to test has 2 "OU" fields with 2 different names. Do I have to include both in the group matching rule?!
If I use ACS for my AAA server, then my auth would be in it, right? I'm planning to do my auth against a domain group in Microsoft AD... So, I create a group in the VPN 3000, another in ACS matching the one in the VPN 3000, and one or more in AD matching the one in ACS, right?! In this case, do I have to configure something different in ACS?