03-04-2014 07:00 AM - edited 03-11-2019 08:53 PM
I have an SSL Client VPN configuration set up using both AAA and cert for authentication. I am using internal MS PKI for my cert deployment. My question is: what if I also want to do clientless connections to this same ASA? I have my ASA's identity cert trustpoint on the outside interface, but it is only signed by my internal CA, not a public CA. So if anyone outside my company attempts to connect, they would see a certificate warning page, correct?
03-04-2014 07:33 AM
Hello,
Exactly, they will see that until they install it in their trusted certificate store. This is because the source of the certificate is not trustworthy on the public internet.
Looking for some Networking Assistance?
Contact me directly at jcarvaja@laguiadelnetworking.com
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com
03-04-2014 07:41 AM
There is no way to use different identity certs based on connection profiles?
03-04-2014 10:48 AM
Hello,
Is this what you are talking about?
http://www.runtrocks.com/certificate-mapping-for-tunnel-groups-on-a-cisco-asa/
If that's the case, as you can see, the answer is yes.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com