Wednesday, September 16, 2020

Cisco AnyConnect VPN with Microsoft certificate services

Currently the VPN setup I have configured uses SSL encryption, and for authenticating users the ASA uses the local AD accounts + local user certificates. These user certificates are generated by the ASA's local CA server. I'm trying to implement Cisco failover, but this can't be done while the ASA has a local CA server enabled.

So I'm trying to find an alternative CA server that will allow me to configure user certificates so the user can authenticate using these certificates, while at the same time still authenticating with their AD account. I've decided to try and use the Microsoft 2019 server CA function.

What I'm asking is whether it is even possible to do what my current ASA setup is doing (e.g. users have installed their unique user certificate and are presenting it to the firewall when connecting) but with Microsoft's CA server. I haven't found much information on the web on how to implement this with AnyConnect; the only guides I've found are on the use of SCEP. The users are pretty technical, so manually installing certificates is no problem.

Any help will be greatly appreciated.


