cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
213
Views
0
Helpful
3
Replies

3rd Party and Internal CA Cert for SSL VPN

mustsummit
Beginner
Beginner

                   I have a SSL Client VPN configuration setup using both AAA and cert for authentication. I am using internal MS PKI for my cert deployment. My question is what if I also want to do clientless connections to this same ASA. I have my ASA's identity cert trustpoint on the outside interface but it is only signed by my internal CA, not a public CA. So if anyone outside my company attempts to connect, the would see a certificate warning page correct?

3 Replies 3

Julio Carvajal
Advisor
Advisor

Hello,

Exactly, they will see that until they installed on their trusted certificate store. This because the source of the certificate is not trustworthy on the public internet.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

There is no way to use different identity certs based on connection profiles?

Hello,

Is this what you are talking about?

http://www.runtrocks.com/certificate-mapping-for-tunnel-groups-on-a-cisco-asa/

If that's the case as u can see the answer is yes

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers