Installing the certificate onto the VPN concentrator won't affect your users in any way, the VPN clients will still be configured to use the group name/password and that is what they'll use until you install a cert onto the client and set up the connection profile to use that cert.
Yes, this is a secure method of authenticating. The good thing with certificates is their scalability. If you have 1000 VPN clients all using the same group name/password, then if one of those users leaves the company then if you want to be safe you should then change that group name/password. Unfortunately this involves distributing a new connection profile to 999 other people. With certificates, and more specifically Certificate Revocation Lists (CRL's), you can simply revoke that one users certificate and they won't be able to even get past the first step.
does this require 2 certs to login? one for group and one for user?
The original question states"We want to utilize the certificate management section of the VPN concentrator to manage our users instead of a group name and group password for the first authentication method"
They don't want to use the group name and pw for first authentication.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...