Q. VPN remote access clients user and ASA certs are generated off of the intermediate CA server.?
Does the ASA need to have the Root CA cert installed on the ASA along with the Intermediate CA cert? Or will just the Intermediate CA cert suffice?
A. On the ASA you need only the Intermediate/Subordinate CA cert installed. O nhte lcient you need all 3 certs installed:Root CA, Subordinate CA, and Identity certificate.
Q. How does the ASA checks for CRLs with multiple CA certificates installed?
On the ASA we have CA cert1 and CA cert2, client are connecting using user1 certificate signed by CA cert1 and user2 using sertificate signed by CA cert2 how does the ASA know how to query the right CRL list ??
A. The CRL location, CRL DP, is actually pulled out of the client certificate. The client certificate would have a 'CRL Distribution Points' extension that would provide a URL to the CRL location.
If the client certificate doesn't include such an extension then you could also configure static URL's or a combination of both depending on which check boxes you enable for CRL Retrieval Policy. This way you can configure the particular static URL relevant to the given CA certificate that you are configuring.
Dear experts, I've setup a DVTI with IKEv2 to get remote access into my 2901. However, the IKE session establishes, without any errors, the interface comes up, but no IP address is assigned to the Virtual-access interface. The client is a C881 runnin...
I am trying to setup my Stratix 5950 switch for Many to One NAT configuration using NAT rules in ASDM wizard.My Inside1 interface is already configured for VLAN 10 with IP 192.168.10.xx. The Outside Interface1 at 192.168.20. xx has a PC connected with IP ...
After upgrading to the last firmware available in your repository (184.108.40.206) to a RV110W, this notice is logged after the router start up: "Linux version 2.6.22 (zls@cybertan-team2) (gcc version 4.2.3) #47 Wed May 27 10:33:03 CST 2020"A quick search r...
Hi everyone, I have a bunch of Cisco 4321 Routers that I want to configure ACL on but I am running into some difficulties. I have an Internal Server connected to Router 3 that is using the Windows Time Service which acts as the NTP Server for the 3 R...