Certificates on VPN

[Bruce]

We have created certificates for several different users
on a Windows 2000 server.

We connect to the network through a Cisco 3000 VPN
concentrator box.

We are able to connect to the network with the cert, but
we only want to be able to connect with the assigned cert
for each user.

I am able to logon to the network using another users
cert. Is there a way to not allow this and force the
certs to be user specific?

 

[David Cross [MS]]

I don't understand the scenario completely. Certs are user specific... but
if you give your cert to another user... the system can't tell the
difference between you and another physical person...

 

[Guest]

-----Original Message-----
We have created certificates for several different users
on a Windows 2000 server.

We connect to the network through a Cisco 3000 VPN
concentrator box.

We are able to connect to the network with the cert, but
we only want to be able to connect with the assigned cert
for each user.

I am able to logon to the network using another users
cert. Is there a way to not allow this and force the
certs to be user specific?
.
You can do this by enabling "Certificate Mapping" in

Windows 2000 Active Directory using an Enterprise CA. As
far as interfacing it to a Cisco box - good luck, you may
be about to find out you've been suckered into buying
several thousand bucks worth of kit and ending up with
something that is inferior to the stuff that gets bundled
into Windows for free. If you can send it back I'd highly
recommend it, concentrators are a very bad joke.