Cisco ASA IPSEC VPN... Migration from Shared Secrets to 2FA

dwayne_sinclair
Level 1

Hi all,

I have various models of ASAs running 8.4 supporting IPSEC VPN using the Apple Native VPN Client configured with shared secret passwords and LDAP authentication. All is great, but I want to replace the shared secret passwords with certificates and continue with LDAP authentication (2FA).

I added a public cert onto the ASA and created local certs distributed to clients and all is OK, but I cannot get past phase 1 with group2/5 mismatches.

Anyone have working examples of IPSEC, LDAP, Certs and the native Apple Client?

Thanks!

2 Replies

npokhriy
Level 1

Hi Dwayne,

In the case of IPsec VPN clients, we can do group authentication using certificates and user authentication using LDAP.

Below are the links to configure certificate authentication on the ASA:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml

https://supportforums.cisco.com/community/netpro/security/vpn/blog/2012/08/28/anyconnect-certificate-based-authentication

For LDAP authentication, you can follow the link below:

https://supportforums.cisco.com/docs/DOC-3843

Let me know if it helps.

Thanks so much Naresh. I had found these links and reviewed them in detail and attempted to implement but with no success.

I will update once I find a solution.