Re: [fw-wiz] VPN certificates and XAUTH



I didn't really get your question. Do you wanna perform Certificate
authentication at group level or at xauth level?

Level 1 authentication is used for peer (device) authentication
(groupname/pass). We can definitely use certificates for this type of
authentication. I have seen such things work. However, you would
still need to manually insert the xauth/pass! Also, even if it's
possible to use a certificate for Xauth (which I doubt), I think it
would add complications and would not be scalable!

Having said that, I'm sure you can use token-based Xauth (like RSA)
with VPN client.

http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_PIX_702_AuthMan61.pdf
http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_ASA_AuthMan61.pdf

Hope this helps. If not, please can you elaborate on the question a bit?

Thanks,
Aditya Govind Mukadam




On Thu, Jul 17, 2008 at 6:53 PM, Petr Vyhnal <vyhnal@xxxxxx> wrote:
Hi all,

I have one quick question. I usually configure PIXes for VPN client in
two level authentication mode. Level 1 is vpngroup/password and level 2
is XAUTH using a RADIUS server. Is there a possibility (with PIX or ASA) to
use per-user generated certificates instead of vpngroup/pass auth with
XAUTH/RADIUS second level auth as well?

rudiik

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
