
RemoteAccess VPN to ASA 7.2(2) using self-signed Certificate

inghau
Level 1

Dear friends,

I need help or a guide on how to set this up as stated in the title.

Can this configuration be done, or can a self-signed certificate never be used as a VPN certificate?

Unfortunately we can't deploy a dedicated CA Server.

But we can't use pre-shared key authentication either, because the configuration would force our ASA to disable the "isakmp am-disable", which is unacceptable according to our independent network auditor.

So the best solution I can think of is that we have to use a self-signed certificate to accommodate this.

Please advise me if there is some way I can use "isakmp am-disable" along with a pre-shared key.

Can I generate a certificate using my ASA box, or do I really need to use a dedicated CA Server to make it work?

Here is a sample of the self-signed certificate from the ASA, but I can't import it into my Cisco VPN Client 5.0; it keeps saying "Error 39: Unable to import certificate"

MIIGpwIBAzCCBmEGCSqGSIb3DQEHAaCCBlIEggZOMIIGSjCCBkYGCSqGSIb3DQEH

...removed

SdCTfNIaE11Fm+rOMD0wITAJBgUrDgMCGgUABBS6s9ZMs6MoqQ0tdZuKRZuebbE3

owQU/z10f/Ew3XMfWBYSV5Eo3evqqgwCAgQA

I'll be very very grateful for any guidance provided.

Best Regards,

Sab
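
Added example, not part of the original thread and not Cisco code: the first line of the blob quoted above decodes to the header of a PKCS#12 (PFX) container, a format that normally bundles a private key with the certificate, rather than to a bare X.509 certificate. The Python below reads only the leading DER headers of a base64 paste to tell the two apart and to report the size the complete object should have; `read_header`, `classify` and the sample certificate bytes are made up for this illustration.

```python
import base64

# DER encoding of OID 1.2.840.113549.1.7.1 (PKCS#7 "data"), the usual
# content type of the authSafe inside a PKCS#12 PFX.
PKCS7_DATA = bytes.fromhex("2a864886f70d010701")

def read_header(buf, pos):
    """Return (tag, length, value_offset) for the DER TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short-form length
        return tag, first, pos + 2
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(buf) < pos + 2 + n:
        raise ValueError("bad or truncated length")
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def classify(b64_text):
    """Return (kind, declared_total_bytes) from the start of a base64 paste."""
    text = "".join(b64_text.split())
    text = text[:len(text) - len(text) % 4]   # keep whole base64 groups only
    try:
        der = base64.b64decode(text)
        tag, length, pos = read_header(der, 0)
        total = pos + length              # size the complete object should have
        if tag != 0x30:                   # both formats start with a SEQUENCE
            return "unknown", total
        tag2, len2, pos2 = read_header(der, pos)
        if tag2 == 0x02 and len2 == 1 and der[pos2] == 3:
            # PFX ::= SEQUENCE { version INTEGER (3), authSafe ContentInfo, ... }
            t3, _, p3 = read_header(der, pos2 + 1)
            t4, l4, p4 = read_header(der, p3)
            if t3 == 0x30 and t4 == 0x06 and der[p4:p4 + l4] == PKCS7_DATA:
                return "pkcs12", total
        if tag2 == 0x30 and der[pos2] == 0xA0:
            # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE { [0] version ...
            return "x509-certificate", total
        return "unknown", total
    except (IndexError, ValueError):      # paste too short to hold the headers
        return "truncated", None

# First line of the blob quoted in the post above (the rest is elided there).
POSTED = "MIIGpwIBAzCCBmEGCSqGSIb3DQEHAaCCBlIEggZOMIIGSjCCBkYGCSqGSIb3DQEH"
# Constructed sample: opening bytes of an X.509 v3 certificate, not real data.
SAMPLE_CERT = base64.b64encode(
    bytes.fromhex("3082030030820200a003020102020101")).decode()

if __name__ == "__main__":
    print(classify(POSTED))
    print(classify(SAMPLE_CERT))
```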

Accepted Solutions

ggilbert
Cisco Employee

Sab,

You need to have a separate CA server to issue the certificates for the client and you need to enroll the ASA to the CA server.

You can't use the self-signed certificate on the ASA for the VPN client.

Cheers,

Gilbert

Hi Gilbert,

This was my first post in the forum. Thanks to you I know that we can't use a self-signed certificate for IPSec VPN.

Let's get back to the other threads. I believe this thread is solved.

Thanks
