
Site to site VPN using certificates???

austinmbailey1
Level 1

Hello,

So today I am working on a site-to-site VPN in a test environment. I have the VPN built using a pre-shared key and verified connectivity from end to end. What I am looking to test is changing the pre-shared key to certificate-based authentication to build the tunnel. I have never used certificate authentication for building a VPN connection, so I'm sure I'm missing a step or two in setting this up.

My steps:

1. Load the identity certs in both ASAs

2. Load the CA certs in both ASAs

3. Change the connection profiles to use the identity certificates for IKEv1 and IKEv2... basically anywhere there is a pre-shared key, I changed it to the identity certificates.

If anyone has any advice or has done this before, I would greatly appreciate any advice. Thanks!


Andres Vega
Cisco Employee

Hello Austin,

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/110221-asavpnclient-ca.html

The above link explains step by step how to build a site-to-site VPN with certificates.
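
As an added illustration of the three steps in the question (not from either poster and not copied from the linked Cisco document), these are the places on one ASA where a LAN-to-LAN tunnel refers to certificates instead of a pre-shared key. The trustpoint name `VPN-TP`, crypto map name `OUTSIDE_MAP`, the sequence numbers and the peer address `203.0.113.2` are constructed placeholders, and the syntax assumes ASA 8.4 or later with the CA and identity certificates already loaded into the trustpoint.

```text
! Constructed example for ONE ASA; mirror it on the peer with that
! peer's own trustpoint name and the other side's address.

! 1. Confirm the trustpoint holds both the CA and the identity certificate,
!    and that the clock falls inside their validity periods.
show crypto ca certificates VPN-TP
show clock

! 2. IKEv1 only: the phase 1 policy itself names the authentication method.
!    A policy left at "authentication pre-share" will not use the
!    certificate even if the tunnel group has a trustpoint.
crypto ikev1 policy 10
 authentication rsa-sig

! 3. Tunnel group (connection profile) for the peer.
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 ! IKEv1: identity certificate sent to the peer
 ikev1 trust-point VPN-TP
 ! IKEv2: local and remote methods are set separately
 ikev2 local-authentication certificate VPN-TP
 ikev2 remote-authentication certificate
 ! Require the peer's IKE identity to match its certificate
 peer-id-validate req

! 4. Crypto map entry for the same peer: which trustpoint to use when
!    this ASA initiates the tunnel.
crypto map OUTSIDE_MAP 10 set trustpoint VPN-TP

! 5. After sending interesting traffic, check which authentication
!    method the SA actually negotiated.
show crypto ikev1 sa detail
show crypto ikev2 sa detail
```

Each peer must also trust the CA that issued the other side's identity certificate, so when the two ASAs were enrolled with different CAs, both CA certificates need a trustpoint on each device.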
