Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
428
Views
0
Helpful
1
Replies

Using Cisco IOS PKI for Authenticating Remote-Access VPNs.

amk_gremlin
Level 1
Level 1

‎07-22-2008 12:06 PM - edited ‎02-21-2020 10:21 AM

Hi all,

Can someone please direct me to documentation on how can I use the internal CA of my Cisco router to produce "end-user certificates" which can be used (later on) as credentials for a VPN connection to this router?

Explanation:

1. I need some strong authentication method for my remote-access VPN users. Naturally, certificates will do the trick.

2. Because I don't have (at this point) a dedicated PKI server, I decided to use the IOS capabilities of being a PKI server (CA).

3. Is it possible to generate a certificate by the means of Cisco IOS software, copy the results (hopefully, a PKCS#12 file for each user) to a TFTP and eventually authenticate to the box with it?

Thanks in advance,

Alex.

Labels:
0 Helpful
1 Reply 1

hadbou
Level 5
Level 5

‎07-28-2008 06:25 AM

check the section "ASA Configuration" present in the following url for more information on authenticating remote-access vpn using certificates:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_implementation_design_guide0900aecd805fc1d0.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents