I'm using the IPsec VPN client with certificates for group authentication + RADIUS with expiry, and everything works fine.
I want to use certificate authentication for WebVPN as well, but I'm not able to get it to work. The certificate CN is test-user and it is placed in the Microsoft store so I can use it for both IPsec VPN and WebVPN.
When I log in to the WebVPN I get the certificate request and I can see my certificate, but when I press OK I get the following error: "Unable to authorize certificate".
As a RADIUS server I use Microsoft IAS on Win2003. These are the steps that I've done for authorization:
- I created a Windows group "test-webvpn" and a user "test-user".
- I moved the test-user into test-webvpn group.
- Added a vendor-specific class attribute 25 with format "OU=test-webvpn;".
If I test the authorization from Configuration | System | Servers | Authorization | Test with user "test-user", I get "Authorization Rejected: Unspecified" while authentication succeeds, so I'm sure that I'm doing something wrong on the RADIUS server.
I've been browsing the Cisco web site for the past 3 days but I couldn't find any example for WebVPN certificate-based authentication.
Can someone tell me what the necessary steps are for IAS authorization, or point me to docs or examples?