Hello
I am managing a CISCO Asa for a client. WAN Connection ends up in a ISR Router who is doing the NAT and after the ISR is the ASA.
On the inside there are few websites held by a Windows Server 2012-2016 AD infrastructure.
For internal hosts, client uses DC self-signed certificate.
For AnyConnect users to connect to the ASA we have 3rd party certificate.
What I am looking after is a solution for the external hosts ( coming via AnyConnect vpn) to see the internal websites as secure - the green lock as the client sees it.
Client does not want to purchase individual certs for websites , also the external hosts cannot be added to the domain.
Thanks
Andrei
Andrei Toma