We help IT Professionals succeed at work.

Cisco anyconnect with 3rd party Certificates to verify identity

Reset_
Reset_ asked
on
I am using a cisco asa5520 and i have set up remote access vpn with an AnyConnect connection profile.

In the connection profile i have set up that users should authenticate using both certificate and AAA.

Due to a high security requirement, the user certificate is issued from a 3rd party.

 This is also working fine and the user now need a valid certificate and a username/password to authenticate successfully.

I added the CA certificate as a associated trustpoint on the ASA box to get the certificate verification working.

Problem:
If Jane and Joe both have a valid certificate AND a valid username/password, Jane could authenticate using a combo of Joes certificate, and her Janes username/password. Both are valid (isolated), but i only want jane to be able to authenticate with her username/password/certificate. I guess i have to have som kind of mapping between the user certificate and the user object, and check this mapping during authentication. How can i accomplish this?

All users reside in an 2008 R2 Active Directory
Comment
Watch Question

Commented:
I posted this in the cisco forum too, after thinking about this some more i came up with a work around that might be suitable.

https://supportforums.cisco.com/thread/2115941

Explore More ContentExplore courses, solutions, and other research materials related to this topic.