Certs for Multiple SSL VPNs on Cisco ASA

Colin.mohlmann
Level 1

I have a Cisco ASA running 7.14. I have 2 WAN interfaces and a separate SSL VPN pointed to each WAN address. I have purchased 2 trusted certs and installed them. Is there a way to assign the correct cert to each AnyConnect profile?

vpn.<company.com>

vpn.backup.<company.com>

SSL certs were purchased specifically for each FQDN.

Thanks in advance.

1 Accepted Solution


Milos_Jovanovic
VIP Alumni

Hi @Colin.mohlmann,

Yes, it is possible to use different certificates on different interfaces. The command should be something like:

ssl trust-point TPoint01 outside1

ssl trust-point TPoint02 outside2

These commands will present the certificate imported under 'TPoint01' to all SSL VPN users coming from the 'outside1' interface, and the same goes for the second command and interface.

Btw, you didn't have to purchase two different certificates for this purpose. You could have purchased one certificate, with multiple SANs, containing both FQDNs, and then apply the same certificate on multiple interfaces.

BR,

Milos

 

Worked like a charm. Thanks!
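
A check that follows from the accepted answer, added here as an example and not posted by anyone in the thread: given which trustpoint is bound to the interface behind each FQDN, it reports the FQDNs whose clients would see a certificate name mismatch. It assumes `example.com` in place of the redacted domain, that `vpn.` resolves to outside1 and `vpn.backup.` to outside2, and two hypothetical trustpoints (`TPointSAN`, `TPointWild`) for the single-certificate options.

```python
import socket
import ssl

# Constructed sample data: example.com stands in for the poster's redacted domain.
# TPointSAN and TPointWild are hypothetical trustpoint names, not from the thread.
CERTS = {
    "TPoint01": {"subjectAltName": (("DNS", "vpn.example.com"),)},
    "TPoint02": {"subjectAltName": (("DNS", "vpn.backup.example.com"),)},
    "TPointSAN": {"subjectAltName": (("DNS", "vpn.example.com"),
                                     ("DNS", "vpn.backup.example.com"))},
    "TPointWild": {"subjectAltName": (("DNS", "*.example.com"),)},
}


def covers(cert, hostname):
    """True if a SAN dNSName in the cert dict matches hostname."""
    host = hostname.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host:
            return True
        # A wildcard stands for exactly one leftmost label.
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False


def audit(bindings, certs):
    """bindings maps FQDN -> trustpoint bound to the interface serving it.
    Returns the FQDNs whose clients would get a certificate name mismatch."""
    return sorted(f for f, tp in bindings.items() if not covers(certs[tp], f))


def fetch_cert(fqdn, port=443, timeout=5):
    """Live variant: handshake with full validation and return the cert dict
    (same shape as CERTS values); raises ssl.SSLCertVerificationError on failure."""
    ctx = ssl.create_default_context()
    with socket.create_connection((fqdn, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    both = ("vpn.example.com", "vpn.backup.example.com")
    for tp in ("TPointSAN", "TPointWild"):
        print(tp, "mismatches:", audit({f: tp for f in both}, CERTS))
```

The wildcard case is the one to watch: `*.example.com` covers `vpn.example.com` but not the two-label `vpn.backup.example.com`, so a multi-SAN certificate listing both names is the single-certificate option that works for this pair.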