Our web-vpn config:
config vpn ssl web portal
    edit "webaccess"
        set web-mode enable
    next
end
And our sslvpn auth-rule, which lives under the SSL VPN settings:
config vpn ssl settings
    config authentication-rule
        edit 2
            set groups "web-usuarios-groupo1"
            set portal "webaccess"
            set client-cert enable
            set user-peer "web-socpuppets"
        next
    end
end
The user peer is a basic peer group that defines the expected CA:
config user peer
    edit "web-socpuppets"
        set ca "CA_Cert_9"
    next
end
So any certificate signed by the named CA will be honored.
You can define various peer groups for each portal and portal type, and use realms to control access.
So when a user hits the portal he will have to present the correct certificate for mutual TLS authentication.
This is just one of many ways to control web portal and sslvpn access by RSA certificates.
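The CA-only trust decision described above can be reproduced in a lab with openssl. This is an added example, not part of the original post: the CA and user names are constructed, and `openssl verify` stands in for the FortiGate's chain check as an assumption.

```shell
#!/bin/sh
# Added lab example: throwaway PKI built with openssl. All names here
# (portal-ca, other-ca, alice, bob, mallory) are constructed, not from the post.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA named $1.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Issue a client certificate with CN $2, signed by CA $1.
issue_client() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 2 \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.crt" 2>/dev/null
}

# Model of a CA-only peer: succeed if client $2 chains to CA $1.
# The subject is never inspected, just as in the peer definition above.
ca_only_peer_accepts() {
    openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

# Subject of client $1, i.e. what a stricter rule would have to match on.
subject_of() {
    openssl x509 -in "$WORK/$1.crt" -noout -subject
}

make_ca portal-ca; make_ca other-ca
issue_client portal-ca alice
issue_client portal-ca bob
issue_client other-ca mallory

for user in alice bob mallory; do
    if ca_only_peer_accepts portal-ca "$user"; then verdict=accepted
    else verdict=rejected; fi
    echo "$user: $verdict ($(subject_of "$user"))"
done
```

Both alice and bob pass because they share the issuing CA, so a CA used for a portal peer should issue certificates only to people who are meant to reach that portal.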
NSE (Network Security Expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \