Hello, we want to migrate ASA to a failover cluster, but we must delete the local CA, because it is not supported there.
What CA do you use in such a scenario for managing users and their certs? We tried MS AD CA, which worked fine for Identity certific...
Hello, as we need to make a failover Active/Standby cluster from our ASA, used as an Anyconnect users harbour, local CA is not allowed. I am basically fine as to how to generate certs for users on the Windows server, but cannot imagine, what about th...
Hello, I am trying to set up the above. My idea is to allow only SSL clients, they have a certificate, but maybe I didn't get the concept behind. I am using local AAA server and did set up users in local AAA database, including group policy, tunnel ACLs etc. I di...
Hello, I am implementing ASA 5510 for SSL Anyconnect client RAS only. It will be a part of existing firewall infrastructure. ASA has a public internet (outside) interface to set up a VPN tunnel and should route all the RAS users traffic to internal ne...
Thanks for the reply
Cisco Adaptive Security Appliance Software Version 9.9(1)
Firepower Extensible Operating System Version 2.3(1.54)
Device Manager Version 7.9(2)152
1.) As there are only a few servers to be accessed from VPN, I can specify static route to ASA on them. Right? > Yes, from the ASA you can route back multiple subnets/ip addresses to the inside switch, and the inside switch can take care of it from ther...
Hi, thanks a lot. I will probably work out some graphics to that tomorrow. Your idea is interesting. I checked, and our main internal switch is 3COM 4200G, which is L2, but allows L3 static routing. I will investigate it further, if it solves my outbou...
Hello, thanks for the reply. Firstly, Cisco firewalling is brand new to me, including official and non-official documentation, so I try to find the way out and follow books, if possible. That's why I am using mgmt interface for management. Second, the ...