About christopher.wallace

christopher.wallace · 05-04-2020

Can you use LUA scripts in ASA DAP (Dynamic Access Policies) to check the CA certificate template used for the certificate presented at connection time? Thanks.

christopher.wallace · 06-20-2017

Hi guys, I have a number of ASA firewalls that are managed via CSM (currently version 4.12). We now need to apply a control plane ACL to traffic arriving on our outside interfaces. I've created an extended ACL in the CSM Extended Access Lists polic...

christopher.wallace · 01-25-2017

Hi guys, How does an ASA verify/validate the certificate used for authentication of the remote end of an IKEv2 tunnel? I'm having some problems with setting up a. L2L IKEv2 VPN using certificate auth. The VPN is between 2 ASAs, but I only control 1 s...

christopher.wallace · 01-22-2015

Hi guys, We have had an issue reported by our users that their tannoy feature has stopped working. According to the phone system vendor, this feature requires multicast to be enabled. Over the weekend that it stopped working, we had a lot of work goi...

christopher.wallace · 12-11-2013

Hi all,I'm having some problems with certs in a failover pair.I've imported a wildcard cert onto the primary node in a failover pair. This cert was then bound to the outside interface. This is working on the primary node fine for clientless SSL VPNs....

christopher.wallace · 06-21-2017

I raised a call with TAC today and spoke to them. Using FlexConfig, you can't deploy an ACL policy that is referenced as a variable. You need to manually create any objects and then create the ACL using static commands. Following testing, it does a...

christopher.wallace · 01-30-2017

Just so you know, I am using Cisco Security Manager to configure the ASA. So, I've managed to get this to work using a certificate map, but I would like to check something. When configuring the crypto map, you specify the peers IP address using the I...

christopher.wallace · 01-28-2017

Hi guys, So a little further info. It looks like my end is being authenticated at the remote end, but I suspect they have disabled peer authentication. My trustpoint has both my identity certificate and the issuing CAs intermediate certificate. The r...

christopher.wallace · 01-26-2017

Thanks for the reply. The link has some very useful info about peer authentication, but this leaves me with some challenges. By policy, we cannot disable peer validation. I can probably enable this for testing purposes, but cannot leave this in place...

christopher.wallace · 12-12-2013

Thanks for the reply Colin.Unfortunately, when I failover to the standby device and try to import the cert, it says that the key already exists.The trustpoint exists when I look at the command line.

Member Since	‎12-07-2010 07:01 AM
Date Last Visited	‎03-27-2024 12:16 AM
Posts	22

User Statistics

User Activity

ASA DAP Certificate check CA Template

CSM FlexConfig to deploy ACL

ASA IKEv2 L2L VPN Cert Auth failing

Multicast traffic being blocked on voice vlan

Managing certificates in a failover pair

I raised a call with TAC

Just so you know, I am using

Hi guys,

Thanks for the reply. The

Managing certificates in a failover pair