3rd Party and Internal CA Cert for SSL VPN

mustsummit
Level 1

I have an SSL Client VPN configuration set up using both AAA and cert for authentication. I am using internal MS PKI for my cert deployment. My question is what if I also want to do clientless connections to this same ASA. I have my ASA's identity cert trustpoint on the outside interface, but it is only signed by my internal CA, not a public CA. So if anyone outside my company attempts to connect, they would see a certificate warning page, correct?


Julio Carvajal
VIP Alumni

Hello,

Exactly, they will see that until they install it in their trusted certificate store. This is because the source of the certificate is not trustworthy on the public internet.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

There is no way to use different identity certs based on connection profiles?

Hello,

Is this what you are talking about?

http://www.runtrocks.com/certificate-mapping-for-tunnel-groups-on-a-cisco-asa/

If that's the case, as you can see, the answer is yes.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com
