View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

SEC0127 - SSL VPN AnyConnect Client Certificate and Double Authentication (Part 1)

Average: 5 (2 votes)
Difficulty Level: 
Lab Document: 
<Please login to see the content>
Video Download: 
Title: SEC0127 - Video Download $10.00
Purchase SEC0127 - Video Download $10.00
The video demonstrates different ways that you can leverage client-based certificate authentication with Cisco ASA AnyConnect VPN. Some of things that we will be configuring includes certificate attribute mapping to tunnel-group, authorization against Cisco ISE, dual-factor authentication with certificate and AD credential, and finally, secondary authentication. These are inherent features to the AnyConnect VPN. Additional certificate features related to AnyConnect Secure Mobility will be explored in the future videos.
Part 1 of this video goes over the fundamental of VPN certificate authentication and mapping
  • Client-based Certificate Authentication
  • Certificate Map
  • Certificate Authorization
  • Certificate Username
  • Certificate and AD Credential Authentication
  • Secondary Authentication

About Author

Metha Cheiwanichakorn, CCIE#23585 (RS, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at, Metha enjoys learning and challenges himself with new Cisco technologies.



At timeline 2:10 minutes, how did you include OU in the certificate. I have followed your other CA video's and my CA templates are exact match as yours. However, i can't figure out how to include OU in the certs pushed by the AD.

Some info:
Server 2012 R2 Enterprise CA mode linked with AD
client PC: windows 7

Thank you.

Ah, never mind. It seem Organization Unit was blank in AD. Once it was added, gpupdate was applied, user cert then shows OU. Thanks.

Lab Minutes Classifieds