Hi Karthikeyan,

We are using 3.0.11042 for anyconnect secure mobilty client.In apple phone tunnel is established but I am not able to access my intranet home page.I have seen tunnel is established receving hapeen and sending is zero.

I have configured by using the following steps:

1.Install anyconnect image to My Flash,

2.Enable SSL VPN client,

3.configured outside interface,

4.For User authentication,I have configured AAA server.

5.Finally I configured Policy for the Anyconnet.

Can you suggest how to install Certificate management for SSL VPN.where I find this one?

Thanks in advance for your support.

Regards,

Mohamed kabeer

Hi Mohammed,

Can you post your FW configuration, so that i can check any issues with related to configuration.... because i do not see any related caveats for the same....

For certificate installation..... you have different methods..... one is download by configuring the cert server... other is a manual cert installation......

For Manual Method..... if you are about to install a cert from a 3rd party CA authority....

if so you have to create the crypto key in your firewall for the ssl cert..... after that cert signing request..... then that has to be submitted to CA authority... they will give you cert and you have to install it.....

Other method is pointing the CA server address / url in fw and FW will pull the required cert from CA server....

which method you want to install..... I will suggest the conf change based on your suggestion......

Regards

Karthik

Hi Karthikeyan,

We Already have wild card SSL Certification.How to enroll My ASA outside interface to this certification.We have URL for outside interface.We bind this URL for IP in Public DNS.How to add this URL with Wild Card SSL certification.

Thanks and regards,

Mohamed kabeer.S

Hi Mohammed,

Already you have the wildcard ssl certificate? So am assuming you already have the enrollement done and completed with the initial certfication steps.... you have the intermediate, root and ssl certificates.....

so then you have to do with this.

crypto ca authenticate <trustpoint name>

!copy paste the root certificate & then intermediate in continious!

-----Begin------------

aaaaaaa

----end---------------

------------begin---------

sssssssss

---------end--------------

quit

#crypto ca import   < Trustpoint label> certficate

!copy and paste the ssl certificate!

---------------begin------------

eeeeeeeee

----------------end-----------------

quit

!

ssl trust-point <trustpoint name>  outside

!

These steps will enroll the certificate for you......

Regards

Karthik

Hi karthick,

We have webhost4life public DNS.Now I just bind URL for my outside interface IP address.then where I add SSL certification for my URL.I am new to here please assist me regards this.

Thanks and Regards,

Mohamed kabeer.S

Hi Mohammed,

How did you got the certficate? I am wondering how you got the certificate without having the CSR generated?

If you are pointing it to the Certificate authority server, it will automatically pull the certficate....

Please let me know how you got the certificate?

Regards

Karthik

Hi karthick,

Thanks for your support.

Sorry for the late response. For certification, I don't know the basic thing.Now only I hear that one.Previouly I work with routing and switching.Kindly help me how I get the cerfication from the basic.

Thanks and Regards,

Mohamed kabeer.S

Hi Mohammed,

Please refer the attached file for the manual method.

Note: Certificate information provided here is a dummy certificate.

Regards

Karthik