cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
412
Views
5
Helpful
2
Replies
Highlighted
Beginner

ASA with redundant internet connections

Situation:

I have ASA 5506. With dual internet connection. It all works.

Problem: I need certificate for anyconnect on both outside interfaces.

They need different FQDN.

As far as I know ASA can have only one hostname. Can I achieve this?

Check the picture!

2 REPLIES 2
Highlighted
VIP Mentor

Re: ASA with redundant internet connections

The name(s) in the certificate is completely independent of the ASA hostname. You just have to:

  • pick two public FQDNs for the VPN
  • Get a certificate with these two FQDNs
  • configure these two FQDNs to point to your public IPs in DNS
  • Add the certificate to the ASA and configure both outside interfaces to use this certificate
Highlighted
Hall of Fame Guru

Re: ASA with redundant internet connections

Adding to what @Karsten Iwen said, in certificate terminology the additional Fully-Qualified Domain Names (FQDNs) associated with a certificate are known as Subject Alternative Names (SANs).

 

Some Certificate Authorities (CAs) refer to certificates with multiple SANs as "UC" certificates due to them being used historically with Unified Communications systems.