
WebVPN certificate authentication 3005 concentrator.

netadminquid
Level 1

Hi

I'm using the IPsec VPN client with certificates for group authentication + RADIUS with expiry, and everything works fine.

I want to use certificate authentication for WebVPN as well, but I'm not able to get it to work. The certificate CN is test-user and is placed in the Microsoft store so I can use it for both IPsec VPN and WebVPN.

When I log in to the WebVPN I get the certificate request and I can see my certificate, but when I press OK I get the following error: "Unable to authorize certificate".

As a RADIUS server I use Microsoft IAS and Win2003; these are the steps that I've done for authorization:

- I created a Windows group "test-webvpn" and a user "test-user".

- I moved the test-user into test-webvpn group.

- Added a vendor-specific class attribute 25 with format "OU=test-webvpn;".

If I test the authorization from Configuration | System | Servers | Authorization | Test with user "test-user" I get "Authorization Rejected: Unspecified" while authentication succeeds, so I'm sure that I'm doing something wrong on the RADIUS server.

I've been browsing the Cisco web site for the past 3 days but I couldn't find any example for WebVPN certificate-based authentication.

Can someone tell me what the necessary steps are for IAS authorization, or point me to docs or examples?

Any help would be appreciated, thanks in advance.

3 Replies

b.speltz
Level 4

Unchecked the option "Client Authentication" located under:

Configuration | Tunneling and Security | SSL | HTTPS

snowmizer
Level 1

I am also trying to do this and would be very interested in the resolution to this problem.

Thanks.