04-26-2006 03:07 AM - edited 02-21-2020 10:15 AM
Hi
I'm using the IPsec VPN client with certificates for group authentication + RADIUS with expiry, and everything works fine.
I want to use certificate authentication for WebVPN as well, but I'm not able to get it to work. The certificate CN is test-user and is placed in the Microsoft store so I can use it for both IPsec VPN and WebVPN.
When I log in to the WebVPN I get the certificate request and I can see my certificate, but when I press OK I get the following error: "Unable to authorize certificate".
As a RADIUS server I use Microsoft IAS and Win2003; these are the steps that I've done for authorization:
- I created a windows group "test-webvpn" and a user "test-user".
- I moved the test-user into test-webvpn group.
- Added a vendor-specific class attribute 25 with format "OU=test-webvpn;".
If I test the authorization from Configuration | System | Servers | Authorization | Test with user "test-user", I get "Authorization Rejected: Unspecified" while authentication succeeds, so I'm sure that I'm doing something wrong on the RADIUS server.
I've been browsing the Cisco web site for the past 3 days but I couldn't find any example for WebVPN certificate-based authentication.
Can someone tell me what the necessary steps are for IAS authorization, or point me to docs or examples?
Any help would be appreciated, thanks in advance.
05-03-2006 08:44 AM
Unchecked the option "Client Authentication" located under:
Configuration | Tunneling and Security | SSL | HTTPS
08-28-2006 11:42 AM
I am also trying to do this and would be very interested in the resolution to this problem.
Thanks.
08-28-2006 12:34 PM