Cisco Support Community

New Member

How to limit connection to SSL VPN

Hello, I must be missing something, but in the IPsec VPN world I have multiple levels of security to limit VPN access.

1. I have to give an end user the VPN profile with the shared key and group name

2. That user then has to type his username and password through radius.

So if a person doesn't have that VPN profile, they can't attempt to break my users' passwords to gain access to the network.

I configured the SSL VPN, and I feel like it is less secure b/c it solely relies on complex passwords to limit network access. So, someone can hit the SSL AnyConnect IP address and start guessing usernames and passwords. They don't have to have a prerequisite client profile, etc.

Basically, I am looking for some way to have to give an SSL VPN user a digital certificate. Without the digital certificate installed on their browser, they cannot connect to the portal login page. Any configuration guides would be greatly appreciated. Thanks for the help.

1 REPLY
New Member

Re: How to limit connection to SSL VPN

Enable Cisco Secure Desktop and configure a pre-login policy to perform the certificate check as part of the posture assessment.

http://www.cisco.com/en/US/docs/security/csd/csd341/configuration/guide/CSDcrite.html#wp1054781
