Cisco Support Community
New Member

Authentication checking

Hi All,

We are exploring other options to authenticate devices on the VPN. Currently we only authenticate our users via RSA tokens. We would like to move to a model where company-managed assets would be able to VPN in with a device certificate, and if the employee tried with a personal device it would prompt for RSA credentials. Basically, can we set up a VPN profile to check for a device cert first and, if the cert is not available, then prompt for RSA credentials?

These are ASA 5520s on 8.3(2).

Thanks in advance,

Bill

2 REPLIES
Cisco Employee

Authentication checking

Hi Bill,

Yes, this should be no problem - you can define 2 tunnel-groups (connection profiles in ASDM terminology), then create a certificate map that maps a connection to the tunnel-group with cert auth, and set the other tunnel-group (with RSA) as default.

hth

Herbert
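
The layout described in the reply above, written out as ASA CLI for the SSL VPN case. This is an added example, not part of the thread and not Cisco's own configuration. The profile, map and server-group names, the CN and OU values and the server address are assumptions, and it presumes a trustpoint for the CA that issues the device certificates is already installed.

```cisco
! Added example: all names, attribute values and addresses are placeholders.
!
! RSA SecurID server group (address is from the documentation range)
aaa-server RSA-SDI protocol sdi
aaa-server RSA-SDI (inside) host 192.0.2.10
!
! Profile 1: company-managed devices, certificate authentication only
tunnel-group MANAGED-CERT type remote-access
tunnel-group MANAGED-CERT webvpn-attributes
 authentication certificate
!
! Profile 2, the default: no certificate rule matched, so prompt for RSA.
! DefaultWEBVPNGroup is the built-in profile for SSL VPN sessions that
! no other selection method picks.
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group RSA-SDI
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 authentication aaa
!
! Certificate map: both criteria in rule 10 must match.
! Match on an attribute that only device certificates carry (assumed OU),
! not on the issuing CA alone, so that other certificates from the same CA
! do not select the certificate-only profile.
crypto ca certificate map MANAGED-DEVICES 10
 issuer-name attr cn eq Example-Corp-Device-CA
 subject-name attr ou eq ManagedDevices
!
! Bind the map to the certificate profile for SSL VPN connections
webvpn
 certificate-group-map MANAGED-DEVICES 10 MANAGED-CERT
```

The certificate only identifies a managed device if its private key cannot be exported from that device, so the enrollment policy matters as much as the map rule.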

New Member

Authentication checking

Hi Herbert,

Does this only apply with SSLVPN profiles or can this be done with IPSec profiles as well?

thanks,

Bill
