SEC0127 - SSL VPN AnyConnect Client Certificate and Double Authentication (Part 1)
Category:
Security
The video demonstrates different ways that you can leverage client-based certificate authentication with Cisco ASA AnyConnect VPN. Some of the things that we will be configuring include certificate attribute mapping to tunnel-group, authorization against Cisco ISE, dual-factor authentication with certificate and AD credential, and finally, secondary authentication. These are inherent features of the AnyConnect VPN. Additional certificate features related to AnyConnect Secure Mobility will be explored in future videos.
Part 1 of this video goes over the fundamentals of VPN certificate authentication and mapping.
Topic:
- Client-based Certificate Authentication
- Certificate Map
- Certificate Authorization
- Certificate Username
- Certificate and AD Credential Authentication
- Secondary Authentication
2 comments
OU
Hi
At timeline 2:10 minutes, how did you include OU in the certificate? I have followed your other CA videos and my CA templates are an exact match to yours. However, I can't figure out how to include OU in the certs pushed by the AD.
Some info:
Server 2012 R2 Enterprise CA mode linked with AD
Client PC: Windows 7
Thank you.
MK
OU
Ah, never mind. It seems Organization Unit was blank in AD. Once it was added and gpupdate was applied, the user cert then shows OU. Thanks.