09-27-2021 11:52 AM - edited 09-27-2021 11:53 AM
I have a Cisco ASA running 7.14. I have 2 WAN interfaces and a separate SSL VPN pointed to each WAN address. I have purchased 2 trusted certs and installed them. Is there a way to assign the correct cert to each AnyConnect profile?
vpn.<company.com>
vpn.backup.<company.com>
SSL certs were purchased specifically for each FQDN.
Thanks in advance.
09-28-2021 03:52 AM
Hi @Colin.mohlmann,
Yes, it is possible to use different certificates on different interfaces. The command should be something like:
ssl trust-point TPoint01 outside1
ssl trust-point TPoint02 outside2
These commands will present the certificate imported under 'TPoint01' to all SSL VPN users coming from the 'outside1' interface, and the same goes for the second command and interface.
Btw, you didn't have to purchase two different certificates for this purpose. You could have purchased one certificate with multiple SANs, containing both FQDNs, and then applied the same certificate on multiple interfaces.
BR,
Milos
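An added example, not part of the original posts: a Python check that the certificate presented on each interface has a SAN covering the FQDN that points at it, which catches swapped trustpoints and shows why a single multi-SAN certificate also works. The example.com hostnames, the sample certificates and all function names are constructed for illustration.

```python
import socket
import ssl

def name_matches(pattern, hostname):
    """A wildcard may only stand in for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert, hostname):
    """cert is a dict in the shape returned by SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(name_matches(n, hostname) for n in sans)

def fetch_cert(address, hostname, port=443, timeout=5):
    """Fetch the certificate one WAN address presents (chain is still validated)."""
    ctx = ssl.create_default_context()
    # Name check is done by cert_covers() so a mismatch is reported, not fatal.
    ctx.check_hostname = False
    with socket.create_connection((address, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

def audit(presented):
    """presented: {fqdn: cert dict seen on the interface that fqdn points to}."""
    return {fqdn: cert_covers(cert, fqdn) for fqdn, cert in presented.items()}

# Constructed sample certificates (SAN field only), standing in for fetch_cert() results.
PRIMARY = {"subjectAltName": (("DNS", "vpn.example.com"),)}
BACKUP = {"subjectAltName": (("DNS", "vpn.backup.example.com"),)}
MULTI_SAN = {"subjectAltName": (("DNS", "vpn.example.com"),
                                ("DNS", "vpn.backup.example.com"))}
WILDCARD = {"subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    a, b = "vpn.example.com", "vpn.backup.example.com"
    print("correct binding    :", audit({a: PRIMARY, b: BACKUP}))
    print("trustpoints swapped:", audit({a: BACKUP, b: PRIMARY}))
    print("one multi-SAN cert :", audit({a: MULTI_SAN, b: MULTI_SAN}))
    print("wildcard cert      :", audit({a: WILDCARD, b: WILDCARD}))
```

Against a live ASA, call `fetch_cert()` once per WAN address with the matching FQDN and pass the results to `audit()`. The wildcard case fails for the backup name because a wildcard covers only one label.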
09-28-2021 06:18 AM
Worked like a charm. Thanks!