Sunday, January 20, 2013

Cisco ASA AnyConnect Certificate Authentication


A summary of the steps to set up ASA certificate authentication:

1. Create Connection Profiles with Certificate Authentication, and assign Client Address Pools and a Group Policy to them;




2. Configure Split Tunneling if required in Group Policy;



3. Configure a Client Profile and link it to the Group Policy:

a. In Preferences (Part 1), tick Certificate Store Override if the Computer Certificate will be used for Certificate Authentication;



b. Add the public DNS name and IP address in Server List for VPN connection;



4. Dynamic Access Policies can also be configured to restrict VPN users' network access;



5. Import the root CA certificate under Certificate Management -> CA Certificates;



6. Configure Revocation for the root CA certificate:


a. Configure Revocation Check, using either or both of OCSP and CRL;



b. Configure CRL Retrieval Policy (multiple static URLs for the full CRL DP and Delta CRL DP are not supported);



c. Configure CRL Retrieval Method;



d. Configure Other Options;



7. Publish the Certificate Template on the CA server.
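
For reference, a CLI sketch of roughly what steps 1, 2, 5 and 6 correspond to on the ASA. This is an added example, not configuration from the original post. Every name, address and URL in it (VPN-POOL, SPLIT-ACL, GP-CERT, CERT-VPN, CERT-PROFILE, ROOT-CA, the 10.x ranges, pki.example.com) is a placeholder, and it assumes a software release that uses the `anyconnect` keyword.

```cisco
! Steps 1-2: address pool, split-tunnel ACL, group policy, connection profile
ip local pool VPN-POOL 10.10.10.1-10.10.10.254 mask 255.255.255.0
access-list SPLIT-ACL standard permit 10.0.0.0 255.0.0.0
!
! Step 3: register the client profile XML (Certificate Store Override and
! the Server List live inside that XML file, not in the ASA CLI)
webvpn
 anyconnect profiles CERT-PROFILE disk0:/cert-profile.xml
!
group-policy GP-CERT internal
group-policy GP-CERT attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-ACL
 webvpn
  anyconnect profiles value CERT-PROFILE type user
!
tunnel-group CERT-VPN type remote-access
tunnel-group CERT-VPN general-attributes
 address-pool VPN-POOL
 default-group-policy GP-CERT
tunnel-group CERT-VPN webvpn-attributes
 ! certificate-only authentication for this connection profile
 authentication certificate
!
! Steps 5-6: trustpoint for the root CA with revocation checking
crypto ca trustpoint ROOT-CA
 enrollment terminal
 ! 6a: try OCSP first, then CRL. There is no trailing "none", so a
 ! certificate whose status cannot be determined is rejected.
 revocation-check ocsp crl
 crl configure
  ! 6b: use the CDP from the certificate plus one static URL
  policy both
  url 1 http://pki.example.com/root-ca.crl
  ! 6c: retrieve over HTTP only
  no protocol ldap
  no protocol scep
  ! 6d: cache the CRL for 60 minutes and reject CRLs past NextUpdate
  cache-time 60
  enforcenextupdate
!
! Step 5: paste the root CA certificate (base64) when prompted
crypto ca authenticate ROOT-CA
```

Ending the `revocation-check` line with `none` would make the ASA accept a certificate whenever the OCSP responder and CRL are both unreachable, so leave it off unless that trade-off is intended.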



1 comment:

  1. Hi!
    A great post like this must be highly recommended. It is so nice to read such a wonderful blog.

    Thanks



    Certificate Authentication
