01-12-2009 10:20 AM
I have a pair of ASAs in failover configuration providing VPN load-balancing. I'd like to use a cert for the inbound requests and would like to know if I can use a wildcard cert for all devices or if I need to get individual certs per device and one for the load-balancing IP.
01-12-2009 01:09 PM
If you have a load-balance setup, which is not the same as failover, you will need 3 certs: 1 for the load-balance IP address of FQDN, which will be contained on both ASA devices, and one certificate per box. Pretty much, your formula will be #Certs = N+1, where N is the total number of ASAs that you have.
01-13-2009 11:35 AM
Thanks. So basically vpn.domain.com and then vpn1.domain.com and vpn2.domain.com.
-Jake
01-12-2009 01:34 PM
This is a test.
01-12-2009 01:36 PM
This is another test.
01-12-2009 01:40 PM
Three for good luck.
01-13-2009 06:42 PM
You have 3 options:
1) 3 certificates (1 for vpn1, vpn2, and vpn)
2) a wildcard certificate
3) a UCC certificate with 3 SANs (vpn, vpn1, vpn2)
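The three options above can be compared by checking which hostnames each certificate's SAN entries actually cover. The following is an added example, not part of the original thread and not Cisco code; it assumes each ASA must present a certificate valid for both the cluster FQDN and its own FQDN, and every name in it is constructed from the vpn/vpn1/vpn2.domain.com example.

```python
# Added example: per-device SAN coverage check for a VPN load-balancing cluster.
# Hostnames are constructed from the thread's vpn/vpn1/vpn2.domain.com example.

CLUSTER = "vpn.domain.com"


def san_matches(pattern: str, host: str) -> bool:
    """Match one SAN dNSName against a hostname, RFC 6125 style.

    A wildcard counts only as the entire left-most label and covers
    exactly one label: *.domain.com matches vpn1.domain.com but not
    domain.com or vpn.eu.domain.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad wildcards such as *.com
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def missing_names(device_sans: dict, cluster_fqdn: str) -> dict:
    """Return {device: [names no installed certificate covers]}.

    device_sans maps each device FQDN to the SAN entries of all
    certificates installed on that device.
    """
    gaps = {}
    for device, sans in device_sans.items():
        needed = [cluster_fqdn, device]
        missing = [n for n in needed
                   if not any(san_matches(s, n) for s in sans)]
        if missing:
            gaps[device] = missing
    return gaps


# Option 1: cluster cert on both boxes plus one cert per box (N+1 certs)
OPTION_1 = {"vpn1.domain.com": ["vpn.domain.com", "vpn1.domain.com"],
            "vpn2.domain.com": ["vpn.domain.com", "vpn2.domain.com"]}
# Option 2: one wildcard certificate installed on both boxes
OPTION_2 = {d: ["*.domain.com"] for d in OPTION_1}
# Option 3: one UCC certificate with three SANs installed on both boxes
UCC = ["vpn.domain.com", "vpn1.domain.com", "vpn2.domain.com"]
OPTION_3 = {d: list(UCC) for d in OPTION_1}
# Constructed misconfiguration: cluster cert never imported on vpn2
BROKEN = {**OPTION_1, "vpn2.domain.com": ["vpn2.domain.com"]}
```
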