What is the impact of changing the public IP address to an FQDN instead on the ASA?

abood842001
Level 1

Hi,

Currently, I can only reach my ASA remotely via a public IP address, and I want to get a trusted certificate to secure the SSL VPN "HTTPS" page on the ASA, but in order to get it, the certificate issuer is requesting to use an FQDN instead of the IP address.

My question is, if I want to change how I reach my ASA externally from using a public IP address to an FQDN, will this impact the SSL or the IPsec VPN?

Is there any impact?

Also, does anyone know the steps to resolve the public IP address to an FQDN, please?

1 Reply

Marvin Rhoads
Hall of Fame

It won't affect your SSL VPN other than giving it a proper certificate to use. IPsec VPN won't be affected at all.

You just register a public DNS entry (assuming you have a public DNS or DNS provider) for the new FQDN. That FQDN is then used to resolve to your public IP address. The ASA presents the certificate and the Common Name (CN) matches the FQDN and AnyConnect is happy - no certificate errors.

If you don't have a public DNS server you can also do the same thing by manually updating the local hosts file for any remote clients. That way, when they try to resolve the address, that local file will give them the FQDN to IP address mapping, thus accomplishing the same thing. (Most people don't do this outside a lab environment as it is not a very scalable solution across more than one or two remote hosts.)
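
The name check behind the reply above, as an added example that is not part of the original thread and is not Cisco's or AnyConnect's own validation code: a simplified RFC 6125-style match run against a constructed certificate, showing that the FQDN validates while the bare public IP does not. `vpn.example.com`, `203.0.113.10`, and all function names are assumptions.

```python
import ipaddress

# Constructed sample, shaped like the dict ssl.SSLSocket.getpeercert() returns.
# vpn.example.com and 203.0.113.10 are placeholder values (assumptions).
SAMPLE_CERT = {
    "subject": ((("commonName", "vpn.example.com"),),),
    "subjectAltName": (("DNS", "vpn.example.com"),),
}

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive match; '*' allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad wildcards such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_matches(cert, target):
    """Return True if `target` (what the user connects to) is covered by the cert."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(target):
        # An IP target only matches an explicit "IP Address" SAN entry.
        want = ipaddress.ip_address(target)
        return any(k == "IP Address" and _is_ip(v) and ipaddress.ip_address(v) == want
                   for k, v in sans)
    dns_names = [v for k, v in sans if k == "DNS"]
    if not dns_names:
        # Legacy fallback to the subject Common Name when no DNS SAN exists.
        dns_names = [v for rdn in cert.get("subject", ())
                     for k, v in rdn if k == "commonName"]
    return any(_dns_match(name, target) for name in dns_names)

def check_targets(cert, targets):
    """Map each connection target to whether the cert would validate for it."""
    return {t: cert_matches(cert, t) for t in targets}

if __name__ == "__main__":
    for target, ok in check_targets(SAMPLE_CERT, ["vpn.example.com", "203.0.113.10"]).items():
        print(f"{target:20} {'match' if ok else 'NAME MISMATCH'}")
```

Users who keep connecting by IP address after the certificate is installed will still see a name mismatch, so connection profiles and bookmarks need to point at the FQDN.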
