802.1x and VPN concentrators

All, I have been trying to find out, via searching the Cisco site, if any model of the VPN concentrator does, or is expected to, support 802.1x authentication for client connections. I had no luck, so I wonder if anyone here knows.

Essentially, my problem is common. I want to authenticate machines against Active Directory to help ensure that the computer is a corporate asset and not personally owned. As usual, the eventual end goal is client compliance, but even then we'll want to ensure corporate ownership, so this will still be a necessary check.

Best regards and thanks in advance,

-Ds

simonis

In article , wrote:
:I have been trying to find out, via searching the Cisco site,
:if any model of the VPN concentrator does, or is expected to,
:support 802.1x authentication for client connections.

It's indexed under "EAP".

:Essentially, my problem is common. I want to authenticate
:machines against Active Directory to help ensure that the
:computer is a corporate asset and not personally owned.

You may wish to investigate the VPN 3000 series support for Network Admission Control (NAC).

For EAP, see attribute 26 vendorid 18 and 19


Walter Roberson

Hi,

You might want to investigate certificate-based group authentication. To use certificates, you set up a CA on a corporate server and have it distribute computer certificates to all members of the domain (AD feature). Now configure the VPN3000 to use certificate-based group authentication. Clients will now have to select a certificate in their VPN clients in order to be able to connect to the VPN3000. This way only corporate computers (members of the AD domain, which have a certificate) will be able to connect! Secondly, the new NAC options on the VPN3000s might be able to give you an alternative way of doing this.

Erik

Erik Tamminga
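The trust decision behind the certificate-based approach in the reply above, as an added example that is not part of the original thread: the gateway accepts a client only if its machine certificate chains to the corporate CA. It uses the OpenSSL command line rather than a VPN 3000, and the CA names, host names and function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed demo: every name here (Example Corp CA, pc-0042.corp.example, ...)
# is made up. Assumes the stock openssl.cnf, which marks "req -x509" certs as CAs.
set -u

# Create a throwaway self-signed CA: files <dir>/<name>.key and <dir>/<name>.pem.
make_ca() {  # make_ca <dir> <name> <subject>
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "$3" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Issue a machine certificate for CN <cn>, signed by CA <ca>.
# The subject always claims O=Example Corp, to show the subject alone proves nothing.
issue_machine_cert() {  # issue_machine_cert <dir> <ca> <cn>
  openssl req -newkey rsa:2048 -nodes -subj "/O=Example Corp/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 30 -out "$1/$3.pem" 2>/dev/null
}

# Gateway-side decision: accept only certificates that chain to the trusted CA.
is_corporate_asset() {  # is_corporate_asset <trusted-ca.pem> <client.pem>
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_ca "$d" corp  "/O=Example Corp/CN=Example Corp CA"
  make_ca "$d" other "/O=Someone Else/CN=Home Lab CA"
  issue_machine_cert "$d" corp  pc-0042.corp.example   # domain member
  issue_machine_cert "$d" other home-pc.example        # same O=, different issuer
  is_corporate_asset "$d/corp.pem" "$d/pc-0042.corp.example.pem" && echo "domain PC: accept"
  is_corporate_asset "$d/corp.pem" "$d/home-pc.example.pem" || echo "home PC: reject"
  rm -rf "$d"
}
demo
```

The check proves possession of a certificate issued by the corporate CA, so it identifies the machine only as long as the private key cannot be copied off it.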
