radius

SEC0127 - SSL VPN AnyConnect Client Certificate and Double Authentication (Part 1)

The video demonstrates different ways that you can leverage client-based certificate authentication with Cisco ASA AnyConnect VPN. Some of things that we will be configuring includes certificate attribute mapping to tunnel-group, authorization against Cisco ISE, dual-factor authentication with certificate and AD credential, and finally, secondary authentication. These are inherent features to the AnyConnect VPN. Additional certificate features related to AnyConnect Secure Mobility will be explored in the future videos.

Rating:

Average: 5 (2 votes)

Difficulty Level:

Tag:

sslvpn

asa

anyconnect

radius

certificate

certificate map

Read more about SEC0127 - SSL VPN AnyConnect Client Certificate and Double Authentication (Part 1)
2 comments
Log in or register to post comments

SEC0126 - SSL VPN AnyConnect Client LDAP Attribute Mapping

The video shows you an ability to integrate Cisco ASA with LDAP server (here we use Active Directory) and perform user attribute to RADIUS attribute mapping for Cisco AnyConnect VPN configuration. We will step through the entire process of assigning VPN parameters to an AD user, identifying the corresponding LDAP attributes, and map them to desired RADUS attributes. This is another alternative to those that do not own a RADIUS server.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about SEC0126 - SSL VPN AnyConnect Client LDAP Attribute Mapping
Log in or register to post comments

SEC0125 - SSL VPN AnyConnect Client External Group Policy

The video helps you centralize your Cisco ASA AnyConnect VPN client group-policy configuration to your RADIUS server in case you would like to maintain configuration consistency on multiple ASA VPN devices. We will convert the group-policy configured in the previous lab into RADIUS attributes and, in addition, push out a Downloadable ACL (DACL). We will also demonstrate how per-user authorization still overwrites the configuration received from the group-policy.

Rating:

Average: 5 (1 vote)

Difficulty Level:

Tag:

external group-policy

Read more about SEC0125 - SSL VPN AnyConnect Client External Group Policy
3 comments
Log in or register to post comments

SEC0124 - SSL VPN AnyConnect Client Address Assignment

The video looks into two additional methods of assigning IP address to Cisco ASA AnyConnect VPN client; using DHCP and RADIUS, in addition to the most popular local address pool. We will be using a Windows 2008 DHCP server and Cisco ACS 5.5 RADIUS server in this lab.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about SEC0124 - SSL VPN AnyConnect Client Address Assignment
Log in or register to post comments

SEC0117 - SSL VPN Tunnel-Group Group-Policy (Part 2)

The video explains and demonstrates the relationship between tunnel-group and group-policy on Cisco ASA SSL VPN and compare them to the IPSec counterpart. You will learn different ways to land a user on a tunnel-group and either statically or dynamically assign them to a group-policy. Both pros and cons of each method will be discussed so you can decide which is best suited for your deployment.

Rating:

Average: 5 (1 vote)

Difficulty Level:

Tag:

Read more about SEC0117 - SSL VPN Tunnel-Group Group-Policy (Part 2)
Log in or register to post comments

SEC0117 - SSL VPN Tunnel-Group Group-Policy (Part 1)

The video explains and demonstrates the relationship between tunnel-group and group-policy on Cisco ASA SSL VPN and compare them to the IPSec counterpart. You will learn different ways to land a user on a tunnel-group and either statically or dynamically assign them to a group-policy. Both pros and cons of each method will be discussed so you can decide which is best suited for your deployment.

Rating:

Average: 5 (1 vote)

Difficulty Level:

Tag:

Read more about SEC0117 - SSL VPN Tunnel-Group Group-Policy (Part 1)
Log in or register to post comments

SEC0111 - ISE 1.2 AnyConnect VPN RADIUS Authentication and Authorization (Part 2)

The video walks you through configuration of VPN RADIUS authentication on Cisco ISE 1.2 with AnyConnect Client SSL VPN. We will try to solve the problem of users having to select a VPN group at login by dynamically assigning them to a group-policy via Class RADIUS attribute. We will also attempt to enforce per-user ACL via the Downloadable ACL on ISE. This video is a counterpart of SEC0096 - ACS 5.4 AnyConnect VPN RADIUS Authentication and Authorization.

Part 2 of this video completes ASA configuration and test VPN login.

Rating:

Average: 5 (1 vote)

Difficulty Level:

Tag:

Read more about SEC0111 - ISE 1.2 AnyConnect VPN RADIUS Authentication and Authorization (Part 2)
13 comments
Log in or register to post comments

SEC0111 - ISE 1.2 AnyConnect VPN RADIUS Authentication and Authorization (Part 1)

The video walks you through configuration of VPN RADIUS authentication on Cisco ISE 1.2 with AnyConnect Client SSL VPN. We will try to solve the problem of users having to select a VPN group at login by dynamically assigning them to a group-policy via Class RADIUS attribute. We will also attempt to enforce per-user ACL via the Downloadable ACL on ISE. This video is a counterpart of SEC0096 - ACS 5.4 AnyConnect VPN RADIUS Authentication and Authorization.

Part 1 of this video provides overview of the lab setup and completes all required configuration on ISE.

Rating:

Average: 5 (1 vote)

Difficulty Level:

Tag:

Read more about SEC0111 - ISE 1.2 AnyConnect VPN RADIUS Authentication and Authorization (Part 1)
9 comments
Log in or register to post comments

SEC0110 - ISE 1.2 Endpoint Protection Service (EPS) (Part 2)

The video demonstrates the use of Endpoint Protection Service (EPS) on Cisco ISE 1.2 to quarantine undesired endpoints. Unlike manually removing an endpoint from the network by shutting down port and the endpoint can potentially be moved to a different port to regain access, although ISE also allow you to exactly this by issuing a port-shutdown CoA, placing host MAC address or IP into EPS quarantine ensures the endpoint remains denied from the network regardless of its point to attachment. A policy can be created to block endpoint traffic by ACL or/and placing them into a unusable VLAN.

Rating:

Average: 5 (1 vote)

Difficulty Level:

Tag:

Read more about SEC0110 - ISE 1.2 Endpoint Protection Service (EPS) (Part 2)
2 comments
Log in or register to post comments

SEC0110 - ISE 1.2 Endpoint Protection Service (EPS) (Part 1)

The video demonstrates the use of Endpoint Protection Service (EPS) on Cisco ISE 1.2 to quarantine undesired endpoints. Unlike manually removing an endpoint from the network by shutting down port and the endpoint can potentially be moved to a different port to regain access, although ISE also allow you to exactly this by issuing a port-shutdown CoA, placing host MAC address or IP into EPS quarantine ensures the endpoint remains denied from the network regardless of its point to attachment. A policy can be created to block endpoint traffic by ACL or/and placing them into a unusable VLAN.

Rating:

Average: 5 (1 vote)

Difficulty Level:

Tag: