Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
924
Views
0
Helpful
2
Replies

ASA SCEP Enrollment - Management Interface?

Go to solution
Robert Cervantez
Level 1
Level 1

‎09-02-2020 11:23 AM

I'm trying to setup SCEP enrollment but receiving the following error:

 

MYFW(config-group-policy)# scep-forwarding-url value http://myscepserver/path/scep.xxx

Attempting to retrieve the CA/RA certificate(s) using the URL. Please wait ...
WARNING: Failed to receive the CA/RA certificate(s) from the CA

 

I believe that this may be due to the firewall attempting to an interface other than 'management' to connect.  Unfortunately, none of my other interfaces have access to http://myscepserver URL.

 

Is it possible to use the management interface for scep-forwarding-url command?

 

I could not find a way to do it similarly to how it's possible with many other commands such as:

route management x.x.x.x

name-server x.x.x. management

aaa-server xxx (management)

http x.x.x management

ssh x.x.x management

etc., etc.

 

Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee

‎09-08-2020 09:04 AM

Hi Roberto,

 

The issue you are describing will be expected considering CSCvg99811, as the workaround says you should be able to get this working by configuring the interface on which the CA resides as normal, not management-only.

 

Hope this info helps!!

 

Rate if helps you!! 

 

-JP- 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee

‎09-08-2020 09:04 AM

Hi Roberto,

 

The issue you are describing will be expected considering CSCvg99811, as the workaround says you should be able to get this working by configuring the interface on which the CA resides as normal, not management-only.

 

Hope this info helps!!

 

Rate if helps you!! 

 

-JP- 

0 Helpful

Go to solution
Robert Cervantez
Level 1
Level 1
In response to JP Miranda Z

‎09-08-2020 10:40 AM

Thank you.  I could not find that bug in my searches.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents