Cisco Support Community

New Member

Cisco 3000 PKI authentication via RADIUS

I have a Cisco 3005, running software version 4.0.1. I have got the following authentication settings working:

1. PKI certificate authentication within the concentrator; no password

2. PKI certificate authentication within the concentrator + password authentication via RADIUS

I am trying to get the following configuration working:

- Authenticating users using PKI via RADIUS server. That is, rather than verifying the certificate in the concentrator, we want to pass the user's certificate to a RADIUS server for authentication. No password involved.

I guess this would require RADIUS/EAP. From the documentation, I know RADIUS/EAP works with PPTP and L2TP tunnels. Does it also work with IPSec tunnels?

Jin

2 REPLIES
Silver

Re: Cisco 3000 PKI authentication via RADIUS

I'm not too sure about this but I don't remember coming across a setup with RADIUS/EAP being used with IPSec tunnels. I guess this is not possible.

New Member

Re: Cisco 3000 PKI authentication via RADIUS

You should use the MS native VPN client to support an L2TP/IPsec tunnel, where the IPsec session is between the user client and the concentrator and the L2TP session is between the user's machine and the ACS.

Basically you should enable EAP proxy on the concentrator to forward EAP packets to the ACS server. On the ACS you should select EAP-TLS in the authentication setting and of course enroll a certificate for it.

Regards.

Yossi
