Re: [fw-wiz] VPN certificates and XAUTH



I didn't really get your question. Do you wanna perform Certificate
authentication at group level or at xauth level?

Level 1 authentication is used for peer (device) authentication
(groupname/pass). We can definitely use certificates for this type of
authentication. I have seen such things work. However, you would
still need to manually insert the xauth/pass! Also, even if it's
possible to use a certificate for Xauth (which I doubt), I think it
would add complications and would not be scalable!

Having said that, I'm sure you can use Token based Xauth (like RSA)
with VPN client.

http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_PIX_702_AuthMan61.pdf
http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_ASA_AuthMan61.pdf

Hope this helps. If not, please can you elaborate on the question a bit.

Thanks,
Aditya Govind Mukadam




On Thu, Jul 17, 2008 at 6:53 PM, Petr Vyhnal <vyhnal@xxxxxx> wrote:
Hi all,

I have one quick question. I usually configure PIXes for VPN client in
two level authentication mode. Level 1 is vpngroup/password and level 2
is XAUTH using RADIUS server. Is there a possibility (with PIX or ASA) to
use per-user generated certificates instead of vpngroup/pass auth with
XAUTH/RADIUS second level auth as well?

rudiik

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
