ASA local certificate authority in failover

mulhollandm
Level 1

Folks,

I was setting up an SSL VPN on an ASA 5540 (8.2) but can't set up the local CA authority.

It's an active/standby failover pair.

I knew it wasn't enabled on active/active but I didn't realise it was also not enabled on active/passive.

Has anyone come across this or know whether it can be enabled?

1 Accepted Solution


Nicolas Fournier
Cisco Employee

Hi,

Unfortunately it is also not supported in active/standby scenario.

There is an enhancement request to have this feature implemented so I would advise you to get in touch with your account team if this feature is important to you so that they can have it prioritized accordingly: CSCsm17487 Local CA: Failover / Load Balancing Support.

Regards,

Nicolas


Nicolas,

Many thanks for your help.

Hi Nicolas,

The documentation bug is not corrected and there isn't any news about supporting failover either, taking into account that there are 9.0 and 9.1 updated versions !!!!

Do you have any updated information about it?

Thanks in advance

Hi Alejandro,

CSCsm17487 is not a documentation bug but an enhancement request.

You are right, it is not yet implemented so you won't be able to use the local CA in failover even if you upgrade to 9.X.

If this feature is vital to you, I would advise going to your account team so they can contact the ASA product team to prioritize its implementation.

The best (easiest) way to go IMHO is to use a router as a CA instead of the ASA itself.

Regards,

Nicolas
