Firewall Wizards mailing list archives
Re: VPN certificates and XAUTH
From: "Secure Scorp" <securescorp () gmail com>
Date: Mon, 4 Aug 2008 10:55:54 +0530
I didn't really get your question. Do you wanna perform Certificate authentication at group level or at xauth level ? Level 1 authentication is used for peer (device) authentication (groupname/pass). We can definitely use certificates for this type of authentication. I have seen such things work. However , you would still need to manually insert the xauth/pass ! Also, even if its possible to use certificate for Xauth (which I doubt), I think it would add complications and would not be scalable ! Having said that , I'm sure you can use Token based Xauth (like RSA) with VPN client. http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_PIX_702_AuthMan61.pdf http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_ASA_AuthMan61.pdf Hope this helps. If not, please can you elaborate the question a bit. Thanks, Aditya Govind Mukadam On Thu, Jul 17, 2008 at 6:53 PM, Petr Vyhnal <vyhnal () cns eu> wrote:
Hi all, I have one quick question. I usually configure PIXes for VPN client in two level authentication mode. Level 1 is vpngroup/password and level 2 is XAUTH using RADIUS server. Is there possibility (with PIX or ASA) to use per-user generated certificates instead vpngroup/pass auth with XAUTH/RADIUS second level auth as well? rudiik _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- VPN certificates and XAUTH Petr Vyhnal (Aug 01)
- Re: VPN certificates and XAUTH Robby Cauwerts (Aug 04)
- Re: VPN certificates and XAUTH Secure Scorp (Aug 04)
- Re: VPN certificates and XAUTH Alejandro Ezequiel Fernández Preda (Aug 05)