Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
282
Views
0
Helpful
1
Replies

ASA PKI CA and IPSEC VPN

Chris Lester
Level 1
Level 1

‎08-29-2015 03:46 AM - edited ‎02-21-2020 08:26 PM

Hi All,

I have an ASA which terminates IPSEC VPN’s from both internal/private networks and from Public/3rd Party networks at the Edge.

Can an ASA5500x running IOS9.3.x  register (trust points / enrolments) with multiple CA’s ?  (Private and Public)

For example could I , on one side have an Internal and private registered CA, but on the Public side register with for example Verisign / GeoTrust, etc ? 

If this can be supported, what domain-name should be used, as the internal domain-name is country.companyname, which i assume would not be what the Public CA provider would want  (companyname.com for example) ?

 

Thanks for your help and feedback.

 

Chris.

Labels:
0 Helpful
1 Reply 1

Peter Koltl
Level 7
Level 7

‎08-30-2015 12:55 PM

Why not? You can use multiple certs and multiple trustpoints (i. e. CA certs). Place a suitable FQDN into either cert.

0 Helpful
Customers Also Viewed These Support Documents