RE: WebVPN with AAA and Certificates

From: Ryan West <rwest_at_zyedge.com>
Date: Thu, 7 Jun 2012 01:04:41 +0000

On Wed, Jun 06, 2012 at 20:51:52, Antonio Soares wrote:
> Subject: WebVPN with AAA and Certificates
>
> Hello group,
>
> I'm looking for a sample configuration of Clientless WebVPN on the ASA
> with AAA and Certificate authentication.
>
> I need to implement a scenario with:
>
> ASA running 8.4.x
> Cisco ACS 5.3.x
> MS Active Directory
> MS Certification Authority
>
> I've checked the ACS 5.x examples:
>
> http://www.cisco.com/en/US/products/ps9911/prod_configuration_examples_list.html
>
> And the ASA examples:
>
> http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
>

For this implementation, I don't know how much value ACS brings. Do you plan on providing other remote access functions or just clientless VPN? You can enable client auth globally or you can enable per tunnel group via drop-down alias or group-url. I've read blog posts on INE that make the whole thing pretty easy. My experience is that it's a total PIA and difficult to troubleshoot.

How do you intend on generating the certificates? Will they be prepopulated through a GPO or do you plan to enable AnyConnect to set up a temporary tunnel to generate the cert?

Better yet, how do you envision it working?

-ryan

Received on Thu Jun 07 2012 - 01:04:41 ART
