Solved: Re: FTD version 6.3 VPN

malikashraf · ‎06-06-2022

hey folks does anyone know we running FTD 6.3 FMC 6.3 and trying to create a certificate DN for authentication is the possible?

Thank you.

Sheraz.Salim · ‎06-06-2022

If i remember had a similar issue with FTD 6.3. we tried to make it work but it didnt later we opened a Tac case and the Nice guy at Tac engineer shared a snipping tool with us. 6.3 does not support DN cert authentication.

please do not forget to rate.

View solution in original post

Rob Ingram · ‎06-06-2022

@malikashraf yes you can use certificate authentication when using FTD/FMC 6.3

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/firepower_threat_defense_site_to_site_vpns.html

FYI, you should probably look to upgrade as 6.3 very old and there are considerably more features in newer versions, as well as bug fixes!

malikashraf · ‎06-06-2022

Hi Rob yes we know its old version and need upgrading. We are working on this with customer. however the requirement is Certificate DN for authentication is required

Mohammed al Baqari · ‎06-06-2022

Are you trying to generate a CSR? Didn't get the exact question.

malikashraf · ‎06-06-2022

@Mohammed al Baqariwe need a site-to-site VPN with Cert based but the customer requirement is it has to be on Certificate DN not on CN.

Marvin Rhoads · ‎06-06-2022

As Rob mentioned, you can use certificates (with associated certificate maps) for site-site VPN authentication. When using a certificate map you can use any field, including DN (Distinguished Name), to match on and authenticate.

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/reusable_objects.html#id_42800

Sheraz.Salim · ‎06-06-2022

If i remember had a similar issue with FTD 6.3. we tried to make it work but it didnt later we opened a Tac case and the Nice guy at Tac engineer shared a snipping tool with us. 6.3 does not support DN cert authentication.

please do not forget to rate.