VPN Client with Digital Certificate.

Status
Not open for further replies.

rrgg

Technical User
Jun 20, 2003
35
IT
I need to improve VPN Client with Digital Certificate in substitution for User and Password.

Also need the possibility to revoke every single client certificate.


Any suggestion/document about this??

Thanks all.

 
The certificates or shared secrets are only used for Phase 1 SA negotiation. You'll still need to use a username or password for secondary authentication (via local, radius, etc).

Your post isn't very clear on what you are trying to achieve - Can you post more specifics?
 
Actually I use Cisco VPN Client 4.x on some PCs to connect by VPN to my network; to do this my configuration has these entries:

ip local pool Networking 10.0.1.1-10.0.1.30
sysopt connection permit-ipsec
crypto ipsec transform-set TRSET esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set TRSET
crypto map VPN 10 ipsec-isakmp dynamic dynmap
crypto map VPN interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup Networking address-pool Networking
vpngroup Networking dns-server 192.168.1.2
vpngroup Networking wins-server 192.168.1.2
vpngroup Networking idle-time 1800
vpngroup Networking password ********

In my VPN Client software configuration I put
User: Networking Password: MyPassword.

I want to use Digital Certificate in substitution for User and Password.

I need to know how to improve this.

Thanks for all answers.

rrgg.

 
What will you be using as a CA certificate server? Do you have access to a Windows 2000 Server box that you can install certificate services on?
 
Is Windows 2000 CA necessary?
Can a PIX 506E release certificates?

 
How does a Cisco PIX verify client certificate validity if it was released from a Windows 2000 CA?
 
Here's a good article on Cisco PKI:


Our environment has multiple sites using PIX's with a centralized Microsoft CA server. If you choose to go this route I'll be more than happy to help you with setup/config.

On your revocation question - the PIX verifies validity based on the certificate being signed by the CA. The PIX also checks the CRL list from the CA server for revocations and will deny access if it is included in the list.
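An added example, not from anyone in this thread, of how the pre-shared-key configuration posted above would change on PIX 6.x to authenticate Phase 1 with certificates issued by a Windows CA and to reject peers listed on the CA's CRL, while keeping the secondary user authentication the first reply mentions. The hostname, domain name, CA address, SCEP path, server name and RADIUS server are assumed placeholders.

```cisco
! Added example: certificate (rsa-sig) Phase 1 authentication for the dynamic-map VPN above.
! Assumed placeholders: hostname pix506, domain example.com, Microsoft CA at 192.168.1.10
! reached over SCEP (certsrv/mscep/mscep.dll), RADIUS at 192.168.1.2.
hostname pix506
domain-name example.com
! Certificate authentication needs a name-based identity instead of "isakmp identity address"
isakmp identity hostname
! Generate the PIX's own RSA key pair and enrol with the CA (RA mode for a Microsoft CA).
! Leaving out the "crloptional" keyword on "ca configure" makes the CRL check mandatory:
! a client whose serial is on the CRL is denied even though its signature is valid.
ca generate rsa key 1024
ca identity winca 192.168.1.10:/certsrv/mscep/mscep.dll
ca configure winca ra 1 20
! Fetches the CA certificate; confirm its fingerprint out of band before accepting it
ca authenticate winca
ca enroll winca <one-time-challenge-password>
ca save all
! Pull the current CRL from the CA so revoked client certificates are rejected
ca crl request winca
! Phase 1 now authenticates with certificates; the pre-share line above is replaced
isakmp policy 10 authentication rsa-sig
! Client certificates should carry OU=Networking so the client maps to the existing vpngroup;
! the "vpngroup Networking password" line is no longer what authenticates the client
! Secondary (XAUTH) user authentication is kept, here against RADIUS
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.1.2 <radius-key> timeout 10
crypto map VPN client authentication RADIUS
```

Revoking a single client then means revoking its certificate on the Windows CA and publishing a new CRL; the PIX denies that client once it holds the updated CRL.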
 