5. Step 1 of 5: Arrange the Certificates
User Authentication ASA Authentication Cisco ISE
Windows VPN allows EAP-TLS Cert
based authentication for VPN. Thus,
we need to request a CA to issue a
certificate for a user.
• A certificate with private key
must be installed into the User PC
• Trusted Root CA certificate must
be added with its issuer.
Only Identity Certificate must be
installed into ASA, which binds
to the external interface facing
internet.
Root CA certificate must be
installed into ISE. This is the
CA certificate used to issue
the User cert for User
authentication.