When a router is configured for multiple trustpoints and all trustpoint certificates are valid for phase 1 authentication, is there a way to see which trustpoint was used for an IPSec tunnel outside of debug isakmp? I'd like to look at a DMVPN hub an...
Does anyone have specific experience with setting up an offline root CA with multiple subordinates issuing certs to routers for VPN authentication? I'm working on setting this up for testing and the documentation does not clearly state if I can have ...
I'm looking for advice from anyone who has implemented or tested ASA 8.0 in a VPN cluster using WebVPN and the AnyConnect client. I have a standalone ASA configured with a public certificate for SSL as vpn.xxxx.org, which works fine. According to th...
Good Afternoon, I have a pair of ACS 4.0 Solution Engines that use TACACS+ for AAA with network equipment and authenticate wireless users to AD with the remote agents via RADIUS. I have a VPN 3030 that currently talks to a separate ACS running 3.3 whi...
Getting ready to install a second 3030 concentrator for redundancy. Has anyone noted any issues with recovering lan-to-lan tunnels during failover? Any particulars that need to be checked such as ipsec lifetime for the SA? Do remote endpoints even se...
After testing and going over the documentation again, it looks like the answer is to configure a root (online) with multiple RA (registration authorities) below it. In initial testing, certs still needed to be granted at the root server, but hopefull...
I finished configuring this setup with 8.0(3). I confirmed with TAC that the fix for the bug mentioned earlier in this thread does exist in this code. I did not have to do anything with the public certs that were requested and installed with 8.0(2) co...
Are you using certs from an internal CA? I have public certs that were requested from within 8.0.2. I don't mind removing everything and reinstalling the certs if I have to, but I'll try to downgrade from 8.0.3 to the interim release and see what hap...
Thanks, I configured this the other day and experienced the issue with 8.0.3. I was going to open a case tomorrow when on-site. Sounds like the answer is to drop back to the interim release. I'll give it a shot in the morning. Otherwise, things seem t...
An ASA with 7.0(7) code will accept a copy and paste of 6.x configuration and convert to the 7.x format. Example:
FIXUP:
VBASA(config)# fixup protocol dns maximum-length 512
INFO: converting 'fixup protocol dns maximum-length 512' to MPF commands
VBASA(c...