Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Conc.VPN 3000 + user certificates + radius

Reply
Thread Tools

Conc.VPN 3000 + user certificates + radius

 
 
Christophe
Guest
Posts: n/a
 
      01-18-2004
Hi!

We use a CISCO VPN Concentrator 3005 (firmware: 3.6.6) as our IPSEC
gateway for remote connections.
We previously used an Activcard radius system to authentify our users,
but now we want to setup a certificate based authenfication (with
smartcard tokens).
We use an Open source PKI to generate our authentification
certificates. We succeed in configuring the CISCO to support this
mode. The OU=<branch> is used to identify the user's group. To check
the users authorization, we want to use a Radius server.

We wonder if in this case a login/password will be asked to the remote
users or if the CISCO directly provides the certificate's DN (or any
other certificate's fields) to the radius server after the
authentification?

We did not setup a radius yet, that's why I ask the question
(We hope that no login/password is required : it seems "useless" to
ask a login ans a password to the user because the authentification
has been verified durint the IPSEC phase1 negociation).

Thanks.

Christophe





 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Are SSL certificates and x.509 certificates the same? n33470 ASP .Net Web Services 0 12-14-2005 03:30 PM
VPN 3000 with internal group external RADIUS user auth failing soldara Cisco 1 09-13-2004 08:19 PM
Self-issued certificates and commercial certificates. Lord Amoeba Computer Security 2 05-05-2004 01:40 PM
Vpn 3000 --> WebSSL & Radius Damien Cisco 1 02-24-2004 07:14 PM
Cisco radius attributes with Funk Steel-Belted Radius Server David Cisco 0 11-06-2003 09:54 PM



Advertisments