3 Replies Latest reply on Jul 30, 2019 9:25 PM by KWKirchner

    NSX SSL-VPN Plus Support for PKI/CAC/Smartcards

    KWKirchner Novice

      Is there currently support in the SSL-VPN client for the use of DoD CAC or other smartcards for the user authentication piece?  If not, is it on the roadmap?

        • 1. Re: NSX SSL-VPN Plus Support for PKI/CAC/Smartcards
          djberlin Lurker

          I have the same question, as this is a CAT3 STIG finding. Not to mention, it provides 2FA for other DoD requirements (i.e. Network Policy STIG).

           

          Remote Access VPN STIG :: Release: 7 Benchmark Date: 27 Jul 2012

          Vuln ID: V-21541

          Severity: CAT III

           

          The remote access solution will be configured to authenticate (DOD PKI preferred) all endpoints requesting access to the network; to include mutual authentication between the remote access server device and the endpoint will be enforced prior to network admission.

          • 2. Re: NSX SSL-VPN Plus Support for PKI/CAC/Smartcards
            nreyesv79 Novice
            VMware Employees

            Hello There,

            The problem with this kind of feature (smart card reader) is how the client OS manages the certificates. For instance, Windows machines store the certificate in the personal certificate store, and our VPN client SW goes there to look for the certificate. Linux uses different stores (depending on the distribution), hence VMware doesn't support these clients with SC readers.

            I did an implementation with a smartcard reader, and it is supported only on Windows clients.

            HTH

            Cheers

            • 3. Re: NSX SSL-VPN Plus Support for PKI/CAC/Smartcards
              KWKirchner Novice

              Implementation on Windows would be fine for us.  Can you share your implementation details?