cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


199
Views
0
Helpful
3
Replies
Beginner

Installing a Server 2008R2 root certificate on an FTD device.

Hi.

I have a Cisco ASA5508X, running FTD 6.2.2.1, controlled by a vFMC running FMC 6.2.2.1. Infrastructure include a Windows Server 2008R2 running as a DC.

I have managed to set up some site to site VPNs to Cisco ASA5506's as well as remote access client VPNs, authenticating via RADIUS to the Windows server, using the user's domain credentials. This all works fine.  

I am now attempting to set up client VPNs that use certificate based authentication. This will be for some Windows Tablets, running Windows pro 7 and 8. Idea is to use machine certificates, and have the tablets establish a VPN at powerup or login, with no user involvement.

I have configured a Windows Certificate Authority, and Machines are enrolling and grabbing a machine certificate just fine. The bit I am stuck with is somehow getting the CA certificate form the Windows CA installed on the FTD. Can anyone point me in the right direction?

3 REPLIES 3
Frequent Contributor

Re: Installing a Server 2008R2 root certificate on an FTD device.

I apologize for the question, but why do you need CA on ASA since authentication is performed by your NPS server through ASA for the VPN clients (as requester)?
Highlighted
Beginner

Re: Installing a Server 2008R2 root certificate on an FTD device.

Plan is to have TWO groups:
1. VPN for users who want to connect in manually from a variety of home PCs, laptops or whatever, and authenticate with their Active Directory credentials.

2. VPN for Windows 10 tablets, used by tradesmen in the field. These machines need to automatically connect to via inbuilt GSM cards, then establish a VPN connection into the LAN. Preferably at boot, with no user intervention.

The first VPN is working, it authenticates via RADIUS to the local DC. It is the second one that I am having trouble with.

Frequent Contributor

Re: Installing a Server 2008R2 root certificate on an FTD device.

For no2 I believe the issue lays on the NPS server config.
Did you enable NPS accounting and then read the log file. Here's an overview in the attachments.

What I would do: 

read the log file

attempt a VPN certificate connect

re read the file and lookup for connection Connection Request Policy and Network policy being used.

 

 

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here