Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
583
Views
5
Helpful
2
Replies

Design question - IPSEC client with certs

gizbri
Level 1
Level 1

‎03-02-2011 06:10 AM - edited ‎02-21-2020 05:12 PM

When using certificates with the IPSEC VPN client is there a way use different polices as you would with connection profiles ?

Labels:
0 Helpful
2 Replies 2

Herbert Baerten
Cisco Employee
Cisco Employee

‎03-16-2011 02:55 AM

Hi,

yes, when using certificates you can use the 'tunnel-group-map' feature to map certificates to tunnel groups (aka connection profiles) based on certain field(s) in the certificate. By default the ASA will map the connection to a tunnel-group with the same name as the OU field in the cert's subject, but you can customize this to use another field.

cfr.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ike.html#wp1053978

hth

Herbert

gizbri
Level 1
Level 1
In response to Herbert Baerten

‎03-16-2011 07:30 AM

Thanks Herbert - That may  fit, I will take a look.

Thanks

0 Helpful
Customers Also Viewed These Support Documents