Cisco Support Community

New Member

Cisco ASA IPSEC VPN... Migration from Shared Secrets to 2FA

Hi all,

I have various models of ASAs running 8.4 supporting IPSEC VPN using the Apple Native VPN Client configured with shared secret passwords and LDAP authentication. All is great, but I want to replace the shared secret passwords with certificates and continue with LDAP authentication (2FA).

I added a public cert onto the ASA and created local certs distributed to clients and all ok, but I cannot get past phase 1 with group2/5 mismatches.

Anyone have working examples of IPSEC, LDAP, Certs and the native Apple Client?

Thanks!

2 REPLIES
Silver

Cisco ASA IPSEC VPN... Migration from Shared Secrets to 2FA

Hi Dwayne,

In the case of IPsec VPN clients, we can do group authentication using certificates and user authentication using LDAP.

Below are the links to configure certificate authentication on ASA:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml

https://supportforums.cisco.com/community/netpro/security/vpn/blog/2012/08/28/anyconnect-certificate-based-authentication

For LDAP authentication, you can follow the link below:

https://supportforums.cisco.com/docs/DOC-3843

Let me know if it helps.

New Member

Re: Cisco ASA IPSEC VPN... Migration from Shared Secrets to 2FA

Thanks so much Naresh. I had found these links and reviewed them in detail and attempted to implement but with no success.

I will update once I find a solution.
