Conc.VPN 3000 + user certificates + radius

Discussion in 'Cisco' started by Christophe, Jan 18, 2004.

  1. Christophe

    Christophe Guest

    Hi!

    We use a CISCO VPN Concentrator 3005 (firmware: 3.6.6) as our IPSEC
    gateway for remote connections.
    We previously used an Activcard radius system to authenticate our users,
    but now we want to set up certificate-based authentication (with
    smartcard tokens).
    We use an open source PKI to generate our authentication
    certificates. We succeeded in configuring the CISCO to support this
    mode. The OU=<branch> is used to identify the user's group. To check
    the users' authorization, we want to use a Radius server.

    We wonder whether in this case the remote users will be asked for a
    login/password, or whether the CISCO directly provides the certificate's
    DN (or any other certificate fields) to the radius server after the
    authentication.

    We did not set up a radius yet, that's why I ask the question :)
    (We hope that no login/password is required: it seems "useless" to
    ask the user for a login and a password because the authentication
    has been verified during the IPSEC phase 1 negotiation).

    Thanks.

    Christophe
     
    Christophe, Jan 18, 2004
    #1