Re: [Fed-Talk] Authenticate VPN on Mac with CAC
- Subject: Re: [Fed-Talk] Authenticate VPN on Mac with CAC
- From: "Timothy J. Miller" <email@hidden>
- Date: Fri, 21 Sep 2007 09:34:24 -0500
Robert--
The remote access TAII is built around L2TP/IPSec using the Cisco VPN
3000 and is currently the only approved AF CAC-enabled AF VPN
configuration.
https://itrm.hq.af.mil/itrm/index.jsp
It'll work with OS X with a couple of caveats. Most significant:
(1) the VPN3K certificate *must* have its IP address in the
subjectAlternativeName extension, which is *not* normal for DoD or AF
VPN certs (but the AF PKI SPO may be able to accommodate); and (2)
the Cisco VPN3K *must* be configured to *only* send the identity
certificate during IKE or the Mac IKE process will get confused.
A second CAC-enabled remote access TAII is in the works, based on
Cisco's proprietary IPSec/TCP + XAUTH and the ASA5500 series device.
This will *not* work on OS X with the current implementation of the
Cisco Mac client.
-- Tim
On Sep 20, 2007, at 9:44 AM, Robert Kerr wrote:
We are required to use the CAC when connecting via VPN. PCs on site
can do this. Is there a way to do this on the Mac? Anyone in the Air Force
been successful with this? I see that I can use the VPN client built into
the Mac and point to the cert on my CAC.
What's involved in setting this up? I need to give the PC network people
more info on this.
Thank You
Robert
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
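Added example, not part of the original message: a shell check for caveat (1) in the reply above, confirming that a gateway certificate carries a given IPv4 address as an iPAddress entry in subjectAlternativeName. The function names, the host vpn.example.test and the address 192.0.2.10 are constructed for illustration, and generating the test certificates assumes OpenSSL 1.1.1 or later (for -addext).

```shell
#!/usr/bin/env bash
# Added example: does a certificate list an IPv4 address in its SAN extension?
# IPv4 only: OpenSSL prints IPv6 SAN entries in expanded form, which would
# need normalising before an exact comparison.

# san_has_ip CERT_PEM IPV4 -> exit 0 if the SAN contains "IP Address:<IPV4>"
san_has_ip() {
    local cert=$1 ip=$2 san
    # The SAN values are printed on the line after the extension header.
    san=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
          grep -A1 'X509v3 Subject Alternative Name' | tail -n 1)
    # Entries are comma separated, e.g. "DNS:host, IP Address:192.0.2.10".
    # -F -x forces an exact whole-entry match, so 192.0.2.1 != 192.0.2.10.
    printf '%s\n' "$san" | tr ',' '\n' | sed 's/^ *//' |
        grep -Fxq "IP Address:$ip"
}

# make_test_cert OUT_PEM SAN_VALUE -> constructed self-signed certificate
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=vpn.example.test' -addext "subjectAltName=$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Constructed sample input: one certificate with the gateway address in the
# SAN, one with a DNS name only (the usual shape the reply describes).
tmp=$(mktemp -d)
make_test_cert "$tmp/ip.pem"  'DNS:vpn.example.test,IP:192.0.2.10'
make_test_cert "$tmp/dns.pem" 'DNS:vpn.example.test'

for c in ip dns; do
    if san_has_ip "$tmp/$c.pem" 192.0.2.10; then
        echo "$c.pem: 192.0.2.10 present in subjectAlternativeName"
    else
        echo "$c.pem: 192.0.2.10 missing from subjectAlternativeName"
    fi
done
```

To check a real gateway certificate, export it to PEM and call san_has_ip with the address the VPN client is configured to connect to.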