05-23-2007 06:44 AM
Dear friends,
I need help or guidance on how to set this up as stated in the title.
Can this configuration be done? Or can the self-signed certificate never be used as a VPN certificate?
Unfortunately we can't deploy a dedicated CA Server.
But we also can't use preshared-key authentication, because the configuration would force our ASA to disable "isakmp am-disable", which is unacceptable according to our independent network auditor.
So the best solution I can think of is to use a self-signed certificate to accommodate this.
Please advise me if there is some way I can use "isakmp am-disable" along with a preshared key.
Can I generate a certificate using my ASA box? Or do I really need to use a dedicated CA server to make it work?
Here is a sample of the self-signed certificate from the ASA, but I can't import it into my Cisco VPN Client 5.0; it keeps saying "Error 39: Unable to import certificate"
MIIGpwIBAzCCBmEGCSqGSIb3DQEHAaCCBlIEggZOMIIGSjCCBkYGCSqGSIb3DQEH
...removed
SdCTfNIaE11Fm+rOMD0wITAJBgUrDgMCGgUABBS6s9ZMs6MoqQ0tdZuKRZuebbE3
owQU/z10f/Ew3XMfWBYSV5Eo3evqqgwCAgQA
I'll be very, very grateful for any guidance provided.
Best Regards,
Sab
05-25-2007 12:27 PM
Sab,
You need to have a separate CA server to issue the certificates for the client and you need to enroll the ASA to the CA server.
You can't use the self-signed certificate on the ASA for the VPN client.
Cheers,
Gilbert
05-25-2007 06:40 PM
Hi Gilbert,
This was my first post in the forum. Thanks to you, I know that we can't use a self-signed certificate for IPSec VPN.
Let's get back to the other threads. I believe this thread is solved.
Thanks