Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cisco AnyConnect & PEAP - TLS

What we are considering is having the anyconnect client initially connect to the Cisco ASA, then have the ASA pass the authentication  information back to the RADIUS server.  This RADIUS server will then decide whether the user is allowed to connect or not based on what certificate, username, and password they provide.

PEAP - TLS allows for the use of certificates, and for usernames and passwords all to be validated in RADIUS.  Our question is whether or not the AnyConnect client can provide this authentication information in the PEAP-TLS format or not, and if it can, how do we configure it.

Cisco Employee

Re: Cisco AnyConnect & PEAP - TLS

Anyconnect authenticates only to ASA/IOS.

Certificate authentication + user authentication is possible.

Certificate authentication is only done locally (on ASA/router or client), while password authtentication can be done done in the background by ASA going to ACS(usually via radius).

What other questions do you have?

CreatePlease to create content