07-20-2011 05:44 AM
Hi all,
We have an ASA 5520 used for VPN and would like to make use of the ASA's local CA to manage certificates.
Do you know if there's any limitation on the number of certificates that the local CA supports?
Thank you,
07-20-2011 06:13 AM
ASA Flash memory can store up to 3500 users; however, if you require more than 3500 users, then external storage is required.
Here is URL for your reference:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/cert_cfg.html#wp1145073
Hope that helps.
07-21-2011 03:04 AM
Hi Jenni,
Thanks for the answer. Is the figure of 3500 based on 256MB flash memory, which is the default flash on the 5520?
Thank you,
07-21-2011 06:06 AM
Yes, that is correct.
08-17-2011 01:10 PM
Jennifer,
Do you know if the ASA supports a local CA server for IPSec Remote Access VPN authentication? If so, could you please point me to a relevant configuration guide?
Thanks
Kebadu
08-18-2011 01:14 AM
Yes, the ASA supports a local CA server for IPSec remote access VPN authentication.
Unfortunately there is no specific sample configuration for IPSec remote access VPN authentication to the ASA local CA server. However, yes, it is supported.
I would advise that you configure the ASA as a local CA server first. Here is the configuration guide:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/cert_cfg.html
Here is a sample config for VPN Client using Microsoft CA certificate:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml
Unfortunately there is no sample config for the ASA local CA, but the concept is the same based on the above 2 documents.
08-18-2011 08:28 AM
Jennifer, many thanks for your quick response. I will try to test it out using a spare ASA we have and let you know the result.
Cheers!
Kebadu