10-09-2019 09:19 PM - edited 02-21-2020 09:34 AM
Hello experts,
We recently migrated from ASA to FTD (FMC managed) running 6.4 code. The remote access SSL VPN works great with a public signed cert; however, we are no longer able to authenticate another VPN profile designed for Cisco IP Phones that uses certificate-based authentication.
Looking at the phone logs, it appears that the FTD only uses the public signed cert during the exchange. Is there currently a limitation on the FTD that only allows one CA to be used for certificate-based authentication? We imported the phone's CA under FMC > Devices > Certificates and verified it on the FTD's CLI. The only difference I noticed is that on FMC, because I manually imported the CA's cert, it's asking me to install an identity certificate as well, which I don't have, nor was it required on the legacy ASA platform.
Could someone point me to the right direction?
Thank you,
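One way to confirm from the client side which CAs the FTD actually advertises when it asks for a client certificate is to read the "Acceptable client certificate CA names" section that `openssl s_client -connect <vpn-host>:443` prints. The script below is an added example, not from the original post or from Cisco; the sample output and CA names in it are constructed, and the phone CA name is a placeholder you would replace with the subject of the CA you imported.

```python
"""Check which CAs a TLS server advertised in its client-certificate request,
using the text that `openssl s_client` prints (constructed sample below)."""
import re

# Constructed sample of `openssl s_client -connect <vpn-host>:443` output,
# trimmed to the part relevant to client-certificate authentication.
# In the poster's scenario only the public CA shows up here, and the phone CA
# (placeholder name "Example Phone CA") does not.
SAMPLE_S_CLIENT_OUTPUT = """\
---
Acceptable client certificate CA names
C = US, O = Example Public CA, CN = Example Public CA G2
Client Certificate Types: RSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:ECDSA+SHA256
---
SSL handshake has read 3210 bytes and written 456 bytes
"""

# Lines openssl prints right after the CA list, ending the block.
_BLOCK_TERMINATORS = ("Client Certificate Types", "Requested Signature",
                      "---", "No client certificate CA names")


def advertised_client_ca_names(output: str) -> list[str]:
    """Return the DN lines listed under 'Acceptable client certificate CA names'.
    An empty list means the server sent no CA list (or never requested a cert)."""
    names = []
    in_block = False
    for line in output.splitlines():
        if line.startswith("Acceptable client certificate CA names"):
            in_block = True
            continue
        if in_block:
            if line.startswith(_BLOCK_TERMINATORS):
                break
            if line.strip():
                names.append(line.strip())
    return names


def ca_is_advertised(output: str, ca_cn: str) -> bool:
    """True if some advertised CA DN has exactly the given CN attribute."""
    cn_pattern = re.compile(r"CN\s*=\s*([^,]+)")
    for dn in advertised_client_ca_names(output):
        match = cn_pattern.search(dn)
        if match and match.group(1).strip() == ca_cn:
            return True
    return False


if __name__ == "__main__":
    # With real output, pipe `openssl s_client ... </dev/null` into this check.
    print(advertised_client_ca_names(SAMPLE_S_CLIENT_OUTPUT))
    print("phone CA advertised:", ca_is_advertised(SAMPLE_S_CLIENT_OUTPUT, "Example Phone CA"))
```

If the CA you imported is missing from this list, the trustpoint is not being offered for client authentication on that interface, which matches what the phone logs suggested.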
10-10-2019 05:50 PM
After playing with the GUI options for hours, I tried to deploy it using FlexConfig, following the ASA syntax. It worked.
10-11-2019 03:20 AM
Thanks for the update.
Are you able to share the FlexConfig that you used? It would be a useful piece of knowledge for the community.