Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Webvpn with CA and AAA radius server

Hi,all

I have a testing in ASA5510,achieve ipsec remote vpn + certificate authentication + AAA radius username , password authentication and clientless webvpn + certificate authentication + aaa radius username , password  authentication。

ipsec remote vpn  and clientless webvpn + aaa radius  is work ,but clientless webvpn + aaa radius + aaa radius is doen't work.

the config with webvpn as below

crypto ca trustpoint CA

enrollment terminal

subject-name CN=VPN-Test.perlos.com,OU=IT,O=perlos,C=CN,St=GD,L=GZ

serial-number

keypair MY.KEY

crl configure

ssl encryption aes256-sha1 3des-sha1 aes128-sha1 des-sha1 null-sha1 rc4-md5 rc4-sha1

ssl trust-point CA outside

ssl certificate-authentication interface outside port 443

webvpn

enable outside

tunnel-group-list enable

tunnel-group DefaultWEBVPNGroup general-attributes

authentication-server-group (outside) vpn

password-management password-expire-in-days 90

authorization-required

tunnel-group DefaultWEBVPNGroup webvpn-attributes

authentication certificate

 

when we connect to https://outside-ip-address with IE the IE promte choose the certificate ,choosed the certificate click ok and disconnect

the ASDM log as below

Teardown TCP connection 2974 for outside:59.37.4.186/41455 to identity:59.37.4.180/443 duration 0:00:00 bytes 2857 TCP Reset-O
SSL session with client outside:59.37.4.186/41455 terminated.
Device completed SSL handshake with client outside:59.37.4.186/41455
Certificate chain was successfully validated with warning, revocation status was not checked.
Certificate was successfully validated. serial number: 27F90AF8000000003B25, subject name: ea=Alan.Fang@perlos.com,cn=Fang Alan,ou=Users,ou=GIM,dc=global,dc=perlos,dc=corp.
Starting SSL handshake with client outside:59.37.4.186/41455 for TLSv1 session.
2 REPLIES
New Member

Webvpn with CA and AAA radius server

Any one have idea with this ?

New Member

Webvpn with CA and AAA radius server

di Zahng,

I have the same problem,

have you got the answer after a year ?

512
Views
0
Helpful
2
Replies
CreatePlease to create content