Hello everybody,

we are running the latest PAN-OS 4.1.0 and Panorama in an evaluation environment and would like to deploy Client-VPN the following way:

We do run our own CA in our corporate network. We have used our own PKI infrastructure and Aladdin eToken with client certificates on it for Client-VPN through MS ISA for years. Users do not know their MS AD user account passwords; they only know their PIN for the PKI eToken. We do not use Single-Sign-On. We do have our own RADIUS server (IAS).

Problem:
---------------
Connecting via Client-VPN using (AD) user and password is not an option (see above).

Question(s):
---------------
Palo Alto only supports PAP, but no EAP for certificates. True?

To replace our worldwide infrastructure of MS ISA for Client-VPN, we need to log on using certificates on our clients and (if possible) the PIN of the PKI client. Is there any way to manage this?

tkenning