Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
523
Views
1
Helpful
1
Replies

SSL VPN on ASA5500 using CAC (smartcard)

otsgnetops
Level 1
Level 1

‎05-21-2007 02:35 AM

I've completed the configuration of an ASA5500 to support certificate authentication of DoD CACs and have everything working properly though I have an annoyance that I would like to fix:

When a client attempts to establish an SSL VPN Session using their CAC (smartcard) they are prompt twice to select a certificate if they have the SSL client installed, if they don't they get prompted THREE times to select a certificate.

All this seems rather inane and from a user perspective annoying. So my questions are:

1. Can the ASA be configured to use their first selected certificate from there on?

2. Can the SSL VPN Client be configured to select the appropriate certificate automatically?

3. If 1 and 2 are no, then how can I eliminate the excessive certificate prompts?

I would very much like to move away from bandwidth heavy IPSEC connections and be able to utilize the SSL VPN solution, though this simply isn't simple enough for my clients.

Tim

Labels:
0 Helpful
1 Reply 1

didyap
Level 6
Level 6

‎05-28-2007 11:21 AM

To enable ASA 5500 support for the DoD Common Access Card (CAC) when it is integrated with Active Directory (AD) to provide Smart Card Logon.

Customers Also Viewed These Support Documents