SSL VPN cannot use fqdn cisco asa 5505

jarinoo3
Level 1

Hello, 

When I try to connect to my SSL VPN through a web browser, it is possible by IP address, but I cannot connect there with the FQDN. I attached screens (1, 2).

My second question is about the temporary certificate from the ASA (screen (3)). I guess that it is some default certificate; how can I fix it? I need to configure some trustpoint, but is it possible when I have already configured a CA server? The certificate from the CA server is used for authentication, am I right?

This configuration is only for testing in a lab, so I don't want to pay for a certificate. It is possible to do it without it, for example with a self-signed certificate.

Thanks so much

Accepted Solutions

Marvin Rhoads
Hall of Fame

Does your DNS server have an entry for the FQDN of vsb.cz? We would normally expect a format like hostname.domain.topleveldomain. In your screen shot your top level domain is your country (cz) and the vsb is the domain.

By default the ASA uses a self-signed certificate. For the lab it's not a problem to keep using that. If you want to get rid of the errors, then regenerate a self-signed certificate making sure to have first set the domain name and host name consistent with your DNS entry. Then install and trust the certificate on your lab computer(s).

See this guide for more details:

http://www.cisco.com/c/en/us/td/docs/security/asdm/identity-cert/cert-install.html
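
The regeneration step described in the answer above, as an added example ASA CLI configuration that is not part of the original thread. The FQDN `vpn.example.com`, the trustpoint and key names, and the interface name `outside` are assumptions; substitute the values that match your own DNS record and interface.

```cisco
! Added example; vpn.example.com, LAB-SELF-SIGNED and LAB-SELF-SIGNED-KEY are placeholders.
! 1. Make the ASA's identity match the DNS record that clients will use.
hostname vpn
domain-name example.com
!
! 2. Generate a dedicated key pair for the new identity certificate.
crypto key generate rsa label LAB-SELF-SIGNED-KEY modulus 2048
!
! 3. Define a self-enrolled trustpoint whose CN is the FQDN.
crypto ca trustpoint LAB-SELF-SIGNED
 enrollment self
 fqdn vpn.example.com
 subject-name CN=vpn.example.com
 keypair LAB-SELF-SIGNED-KEY
!
! 4. Issue the self-signed certificate.
crypto ca enroll LAB-SELF-SIGNED noconfirm
!
! 5. Present it on the interface (assumed "outside") that terminates the SSL VPN.
ssl trust-point LAB-SELF-SIGNED outside
!
! 6. Check the subject name and validity dates of the new certificate.
show crypto ca certificates LAB-SELF-SIGNED
```

The browser warning only goes away once the lab client both resolves the same FQDN to the ASA and has this certificate installed as trusted.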
