About cairnsm

cairnsm · 05-07-2008

When a router is configured for multiple trustpoints and all trustpoint certificates are valid for phase 1 authentication, is there a way to see which trustpoint was used for an IPSec tunnel outside of debug isakmp. I'd like to look at a DMVPN hub an...

cairnsm · 04-22-2008

Does anyone have specific experience with setting up an offline root CA with multiple subordinates issuing certs to routers for VPN authentication? I'm working on setting this up for testing and the documentation does not clearly state if I can have ...

cairnsm · 09-25-2007

I'm looking for advice from anyone who has implemented or tested ASA 8.0 in a VPN cluster using WebVPN and the AnyConnect client. I have a stand alone ASA configured with a public certificate for SSL as vpn.xxxx.org, which works fine. According to th...

cairnsm · 11-14-2006

Good Afternoon,I have a pair of ACS 4.0 Solution Engines that use TACACS+ for AAA with network equipment and authenticate wireless users to AD with the remote agents via Radius. I have a VPN 3030 that currently talks to a separate ACS running 3.3 whi...

cairnsm · 02-06-2003

Getting ready to install a second 3030 concentrator for redundancy. Has anyone noted any issues with recovering lan-to-lan tunnels during failover? Any particulars that need to be checked such as ipsec lifetime for the SA? Do remote endpoints even se...

cairnsm · 04-22-2008

After testing and going over the documentation again, it looks like the answer is to configure a root (online) with multiple RA (registration authorities) below it. In initial testing, certs still needed to be granted at the root server, but hopefull...

cairnsm · 12-26-2007

I finished configuring this setup with 8.0(3). I confirmed with TAC that the fix for the bug mentioned earlier in this thread does exist in this code.I did not have to do anything with the public certs that were requested and installed with 8.0(2) co...

cairnsm · 12-20-2007

Are you using certs from an internal CA? I have public certs that were requested from within 8.0.2. I don't mind removing everything and reinstalling the certs if I have to, but I'll try to downgrade from 8.0.3 to the interim release and see what hap...

cairnsm · 12-20-2007

Thanks,I configured this the other day and experienced the issue with 8.0.3. I was going to open a case tomorrow when on-site. Sounds like the answer is to drop back to the interim release. I'll give it a shot in the morning. Otherwise, things seem t...

cairnsm · 11-21-2007

An ASA with 7.0(7) code will accept a copy and paste of 6.x configuration and convert to the 7.x format. Example:FIXUP:VBASA(config)# fixup protocol dns maximum-length 512INFO: converting 'fixup protocol dns maximum-length 512' to MPF commandsVBASA(c...

Member Since	‎01-20-2003 06:53 AM
Date Last Visited	‎08-18-2017 03:50 AM
Posts	27
Total Helpful Votes Received	5

User Statistics

User Activity

View trustpoint used for ISAKMP in IOS?

IOS CA with offline root and multiple subordinates

ASA 8.0 VPN cluster with WEBVPN and Certificates

ACS 4.0 Network Profiles and External Radius/RSA

Feedback for VRRP failover wanted.

Re: IOS CA with offline root and multiple subordinates

Re: ASA 8.0 VPN cluster with WEBVPN and Certificates

Re: ASA 8.0 VPN cluster with WEBVPN and Certificates

Re: ASA 8.0 VPN cluster with WEBVPN and Certificates

Re: PIX 520 migration