Q. Are digital certificates replicated in a Active/Standby configuration?
A. Yes. Third-party digital certificates (ie. from Entrust, Verisign, Microdoft,etc) that are installed on the Active ASA are replicated to the Standby ASA in an active/standby config. However, the ASA's Local/onboard CA-generated certificates (used for SSL VPN remote access) are not replicated to the standby ASA.
Q. Are there specific procedures in order to carry out the 3rd-party digital certificates replication in a Active/Standby configuration?
A. Digital Certificate replication across an Active/Standby Failover pair of ASA's only occurs during bulk replication processes.
Bulk replication processes are defined as :
1.Power cycling the ASA device
2.Performing a "write standby" operation on the active ASA
There is an enhancement request to be considered to able to replicate certificates at the time the certificate is imported into the ASA (no specific timeline has been defined).
CSCsr71150-certificates from imported pkcs12 are not replicated to standby
Q. With Active/Standby will one certificate installed in Active ASA be all that is needed to use it for SSL VPN remote access, or do I need one certificate installed on each ASA?
A. Only one certificate installed on on the Active AS is required, since the failover functionality wil handle the replication of same certificate and keys to the standdby ASA.
Hi All,Quick question, ISE Bond Ethernet Interfaces for High Availability?The NIC bonding feature is supported on all supported platforms and node personas - supported platforms• SNS 3500 and 3600 series appliances - Bond 0, 1, and 2• VMware virtual...
I am unable to connect to our VPN using Cisco AnyConnect on any phones or tablets. We have no problems using AnyConnect on a PC. Getting the following error: TCP access denied by ACL from xxx.xxx.xxx.xx/49279 to outside:xx.xxx.xxx.xx/80. Thank y...
Hi team, Need help in understanding an issue faced when creating a tunnel between Asa and Sonicwall (Issue got resolved) still need help to understand. SonicWall: Phase 1Ikev2Encryption aesAuthentication sha265Dh 14Lifetime 86400 Asa: phase...
Hello all, I am having some issues with 802.1x deployment. I When I login into a workstation using my admin account it all goes well. Authentication and authorization works as planned, I get the Dacl from ISE and everyone is happy. The problem is tha...