Cisco ASA / SSL Proxy with client-certificates
07-17-2013 08:39 AM - edited 03-11-2019 07:13 PM
Hi All,
A customer wants to replace his old Microsoft ISA firewall with another device.
I thought of a redundant Cisco ASA pair. The new firewall has to meet the following requirement:
The new firewall has to validate SSL client certificates against Microsoft's Active Directory
and act as an SSL proxy between server and client.
Does somebody know if that is possible with a Cisco ASA? Or maybe with another Cisco product?
Thanks a ton,
Johannes
Labels: NGFW Firewalls
07-17-2013 11:46 AM
If by "validate SSL client-certificates against Microsofts Active Directory" you mean have the ASA confirm that the certificate the client holds is valid, it does so by checking its CRL, in case it uses that method; it can also use OCSP, as you might know.
Now, as for the "act as a SSL proxy between server and client" thingy, I know that the newest member of the ASA firewall family, the ASA CX [it's actually a module], has a TLS/SSL proxy feature.
Couldn't find a document stating that fact though; I guess you can always reach out to your Cisco rep and get that clarified.
