Lab Minutes Forum

Technical Discussion => Security => Topic started by: amatteo78 on April 19, 2017, 05:31:06 AM

Title: ISA + ISE 2.1 vpn login with certificate
Post by: amatteo78 on April 19, 2017, 05:31:06 AM
Hello,

I have an ASA with ISE 2.1 as RADIUS; they work fine together to log in VPN users.
Now I would like to use the user certificate already enrolled through the BYOD process to log in VPN users.
I tried to find some info online but only found ways to enrol/log in with a certificate on the ASA; meanwhile I already have the user certificate and only need to use it to log in VPN users.
Thanks

M.
Title: Re: ISA + ISE 2.1 vpn login with certificate
Post by: MC on April 20, 2017, 08:43:27 PM
You can configure ASA to do certificate authentication, and configure AnyConnect client profile to use the BYOD certificate to authenticate. You can follow the video below.

http://www.labminutes.com/sec0127_ssl_vpn_anyconnect_client_certificate_double_authentication_1
Title: Re: ISA + ISE 2.1 vpn login with certificate
Post by: amatteo78 on April 21, 2017, 07:49:56 AM
Hello,

Thanks for the reply, only one thing... If I need to have 2 types of authentication... 1 with cert, which I know how to do... 1 with user/pass for other users... how can I do that?
Thanks

M.
Title: Re: ISA + ISE 2.1 vpn login with certificate
Post by: amatteo78 on April 22, 2017, 11:19:26 AM
Hello,

I solved it using a new "group-url" for the tunnel-group that I use for certificates.
Thanks

M.
Title: Re: ISA + ISE 2.1 vpn login with certificate
Post by: MC on April 24, 2017, 09:34:50 PM
Yep.. You got it. Other methods are 'group-alias', where the user needs to choose the group from a drop-down, or a certificate map.
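
A sketch of the setup this thread arrives at, added here as an illustration and not taken from either poster's configuration: two tunnel-groups on the ASA, one authenticating with username/password against ISE and one with the client certificate, each reached through its own group-url, followed by the two alternatives mentioned in the last reply. The tunnel-group names, the hostname vpn.example.com, the ISE server group name and address, and the certificate map rule are constructed placeholders; it assumes the CA that issued the BYOD certificates is already installed as a trustpoint on the ASA.

```cisco
! Constructed example: all names, addresses and URLs are placeholders.
aaa-server ISE protocol radius
aaa-server ISE (inside) host 192.0.2.10
 key <shared-secret>
!
! Group 1: username/password checked by ISE over RADIUS
tunnel-group VPN-PASSWORD type remote-access
tunnel-group VPN-PASSWORD general-attributes
 authentication-server-group ISE
tunnel-group VPN-PASSWORD webvpn-attributes
 authentication aaa
 group-url https://vpn.example.com/password enable
!
! Group 2: client certificate only (the BYOD-enrolled user certificate)
tunnel-group VPN-CERT type remote-access
tunnel-group VPN-CERT webvpn-attributes
 authentication certificate
 group-url https://vpn.example.com/cert enable
!
! Alternative A (group-alias): the user picks the group from a drop-down
webvpn
 tunnel-group-list enable
tunnel-group VPN-PASSWORD webvpn-attributes
 group-alias Password enable
tunnel-group VPN-CERT webvpn-attributes
 group-alias Certificate enable
!
! Alternative B (certificate map): the ASA selects the group from
! fields in the presented certificate instead of the URL or a menu
crypto ca certificate map BYOD-MAP 10
 issuer-name attr cn eq <issuing-ca-common-name>
webvpn
 certificate-group-map BYOD-MAP 10 VPN-CERT
```

With group-url and group-alias the client decides which tunnel-group it lands in, so each group's authorization on ISE should stand on its own rather than assume which kind of user connects to it.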