VPN with certificates

maxtma
Level 1

Hi,

I want to configure a site-to-site VPN with digital certificates.

How can I install a CA on the ASA 5520? The ASA must use the certificate from the local CA and also use the public certificate from the VPN server on the other side of the tunnel.

IOS 8.0(3) is installed on the ASA.

Thanks for your help.

Accepted Solutions

Farrukh Haroon
VIP Alumni

I think the ASA can have multiple trustpoints at the same time. You can see a sample configuration on how to load a cert from a Microsoft CA:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008073b12b.shtml

For other commercial vendors you can find instructions on their respective websites.

Some other examples:

http://www.cisco.com/warp/public/471/verisign-install-asa.pdf

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808a61cd.shtml

Regards

Farrukh

Thank you for your answer.

Our CA must be installed on the ASA. There is no CA on the other side of the VPN. The certificate was manually generated by a tool.

How can I import the manually generated public certificate from the other side of the VPN into my ASA? No import from a CA.

Well, first you need to have the CA's certificate that granted/issued this certificate loaded on the ASA. Does this 'tool' have a certificate like a normal Certificate Authority does?

Then you can just import the certificate issued by this tool using the normal manual enrollment process.

Regards

Farrukh
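
The manual (terminal) enrollment workflow described in the reply above, written out as ASA CLI. This is an added example, not part of the original thread or of the linked Cisco documents; the trustpoint names, key label, subject name, crypto map name and the peer address 192.0.2.1 are assumed placeholders.

```cisco
! Added example. PEER-ISSUER, LOCAL-CA, S2S-KEY, OUTSIDE-MAP, the subject
! name and 192.0.2.1 are placeholders, not values from the thread.

! 1. Trust the issuer of the remote peer's certificate.
crypto ca trustpoint PEER-ISSUER
 enrollment terminal
 exit
crypto ca authenticate PEER-ISSUER
! Paste the issuer certificate in base64 (PEM) form and end the input
! with a line containing only: quit
! Compare the fingerprint the ASA displays with one obtained out of band
! before answering "yes" to accept the certificate.

! 2. Identity certificate for this ASA from the local CA, manual enrollment.
crypto key generate rsa label S2S-KEY modulus 2048
crypto ca trustpoint LOCAL-CA
 enrollment terminal
 subject-name CN=asa1.example.com
 keypair S2S-KEY
 exit
! Load the local CA's own certificate first, then create the request.
crypto ca authenticate LOCAL-CA
crypto ca enroll LOCAL-CA
! Submit the printed PKCS#10 request to the CA, then paste the issued
! certificate when prompted by:
crypto ca import LOCAL-CA certificate

! 3. Use RSA signatures instead of a pre-shared key for the tunnel.
crypto isakmp policy 10
 authentication rsa-sig
 exit
tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 trust-point LOCAL-CA
 peer-id-validate req
 exit
crypto map OUTSIDE-MAP 10 set trustpoint LOCAL-CA

! 4. Confirm both the CA certificates and the identity certificate loaded.
show crypto ca certificates
```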

We have installed a Microsoft CA and it is working fine.

Thanks for your help

Regards

Markus

I'm glad to know you have it working now :)

Please rate helpful posts.

Regards

Farrukh
