MicroNugget: How to Map a Connection Profile on the ASA from a Certificate


In this video, Keith Barker covers what a Connection Profile is on the ASA. He demonstrates how to map a connection profile from a certificate and then walks through the steps to verify that everything you have configured is working properly.

When a user connects to an ASA to build a VPN tunnel, the ASA has to determine which connection profile to put the user into.

The profile determines several things, including how the user is authenticated and which pool of addresses is provided to the user.

One of the ways you can do this is to take information out of the identity certificate on the user’s PC and then use that to map to a specific connection profile.

Keith will discuss what a connection profile consists of, how to map that from a certificate, and what steps to take to verify that it functions correctly.
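
The certificate-to-connection-profile mapping described above, written out as ASA CLI configuration. This is an added example, not taken from the video; the map, profile, pool and CA names and the address range are placeholders. A certificate that matches no rule lands in the default profile, so that profile should grant no more access than an unmapped user is meant to have.

```text
! Added example. ENG-CERT-MAP, ENG-VPN, ENG-POOL, Example-Issuing-CA and the
! address range are placeholders, not values from the video.
!
! 1. Certificate map: rule 10 matches fields of the client's identity certificate.
crypto ca certificate map ENG-CERT-MAP 10
 subject-name attr ou eq Engineering
 issuer-name attr cn eq Example-Issuing-CA
!
! 2. Connection profile (tunnel group) that matching users are placed into.
!    It sets how the user is authenticated and which address pool is used.
ip local pool ENG-POOL 10.10.10.1-10.10.10.254 mask 255.255.255.0
tunnel-group ENG-VPN type remote-access
tunnel-group ENG-VPN general-attributes
 address-pool ENG-POOL
tunnel-group ENG-VPN webvpn-attributes
 authentication certificate
!
! 3a. IPsec clients: enable rule-based mapping and bind the map to the profile.
tunnel-group-map enable rules
tunnel-group-map ENG-CERT-MAP 10 ENG-VPN
!     Certificates that match no rule fall through to this default profile.
tunnel-group-map default-group DefaultRAGroup
!
! 3b. SSL/AnyConnect clients: the equivalent binding is made under webvpn.
webvpn
 certificate-group-map ENG-CERT-MAP 10 ENG-VPN
!
! 4. Verify: connect with a test certificate, then check which tunnel group
!    the session was assigned to.
show vpn-sessiondb detail anyconnect
```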


Comments

Wow, thank you! My teammate and I have been banging our heads against the wall for a week trying to do straight cert-based authentication but still applying an access policy based on AD user group (in this case OU). We were trying to do this in connection profiles & Dynamic access policies, when there was literally a menu item called "certificate to anyconnect profile map". Crazy how little information there was to accomplish what we were trying to do. I know this is 9 years late, but you totally saved the day!

mikemakesvidee-ohs

There is a list of mapping options that are checked (or can be checked) when enabled. The default connection profile is likely being selected.


KeithBarker

Hi Keith, thanks for the video. Could you also upload something similar to be done in case of webvpn (certificate-group-map)? Also, we noticed that even if we have 2 machine certificates, one having no matched attributes as defined on the certificate map, it still manages to connect to AnyConnect VPN client, when selected from the certificate pop-up. Why is that?

coldfire