Thanks Eugene,

that document does talk about the use of a trustpoint to use for the
server's certificate but doesn't seem to make any mention of requesting a
certificate from the client to authorise him/her.

Even with the ssl trustpoint defined on the IOS WebVPN gateway object, the
portal still just asks for username/password authentication which is to be
expected as the trustpoint command (ssl trustpoint *tp_name*) configures
what ID certificate the router will use for SSL based on what ID
certificate is bound to that trustpoint.

I am looking specifically for a command such as that on the ASA below which
enables certificate or PSK based authentication on a tunnel group but for
application on an IOS WebVPN context.

ASA-01(config)# tunnel-group *tunnel_group_name* webvpn-attributes
ASA-01(config-tunnel-webvpn)# authentication { certificate | aaa }

Thanks
Ben


On Wed, May 2, 2012 at 2:52 AM, Eugene Pefti <[email protected]> wrote:

>  Check this white paper
>
>
> http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac50.html
>
>
>
>   From: Ben Shaw <[email protected]>
> Date: Tue, 1 May 2012 20:00:53 +1000
> To: <[email protected]>
> Subject: [OSL | CCIE_Security] Client side Certificate Authentication for
> IOS WebVPN
>
>  Hi All
>
> I've been searching around for an answer for this but cannot find one so I
> am hoping someone here can enlighten me.
>
> I am going through the SSL VPN Configuration Guide for IOS 12.4T and it
> lists the commands required to be used to implement certificate based
> authentication at this link below
>
>
> http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_sslvpn/configuration/12-4t/sec-conn-sslvpn-ssl-vpn.html#GUID-5DD600EC-E2C7-444F-B340-30B4CD221AF7
>
> The thing is, these commands do not exist. I cannot enter these commands
> in the WebVPN context and I suspect the documentation is actually referring
> to either IOS 15 commands or getting confused with ASA configuration.
>
> I have connected to the router I am using with IOS 12.4T and checked the
> configuration using CCP however there doesn't seem to be an option even in
> the GUI to select certificate based authentication for the context.
>
> Can someone tell me firstly if certificate based authentication is
> supported in IOS 12.4T and if so point me towards the correct documentation
> on how to configure it.
>
> Thanks
> Ben
> _______________________________________________ For more information
> regarding industry leading CCIE Lab training, please visit
> www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>