Integrating ASA with a Certificate Authority

Unanswered Question
Oct 16th, 2008

Hi All,


In accordance with the security policy of one of my clients, I need to integrate ASA5510 with a CA to authenticate Remote Access VPN users when connecting to the ASA. This is a small network with only about 50 VPN users.


I have tried speaking with some CAs such as VeriSign and Secure Computing but they said they do not provide such service to small companies like my client. Can anyone recommend a CA I can use who would be able to accommodate a small company like my client?


Thank you.

cisco24x7 Thu, 10/16/2008 - 06:07

If you have such a small network, why not be your own CA server? You can use Microsoft CA server and it is free.

a.ajiboye Fri, 10/17/2008 - 02:31

Thanks. I am working on that but this document (http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml) places Microsoft CA on the Outside Interface of the ASA.


Does this mean that I need to have a dedicated server with a public IP address with Microsoft CA implemented on it? How would this server be protected since it is sitting before the firewall and not on the LAN?


Wouldn't the essence of having a CA authenticate Remote Access VPN clients be defeated since a hacker can compromise the Microsoft CA server that I would install and place before the ASA Outside interface?


Thank you.

cisco24x7 Fri, 10/17/2008 - 05:09

You CAN place the Microsoft CA Server BEHIND the firewall and NAT the Microsoft CA Server through the firewall. The Server will be protected by the ASA.
