Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
550
Views
0
Helpful
1
Replies

IPSec RA VPN with CA Outside

bnidacoc
Level 1
Level 1

‎05-11-2009 08:03 AM - edited ‎02-21-2020 04:13 PM

IPSec RA VPN with CA Outside

Does the CA have to be outside the firewall as diagramed in http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008092d8f1.shtml

We may have an aversion to having a CA internet assessable. Our RA VPN clients would not be so far away that they could never come into the office to get a cert first.

Thanks.

Labels:
0 Helpful
1 Reply 1

vmoopeung
Level 5
Level 5

‎05-16-2009 06:22 PM

With a CA, a peer authenticates itself to the remote peer by sending a certificate to the remote peer and performing some public key cryptography. Each peer sends its own unique certificate which was issued and validated by the CA. This process works because each peer's certificate encapsulates the peer's public key, each certificate is authenticated by the CA, and all participating peers recognize the CA as an authenticating authority.

Check the URL: Managing VPN Remote Access:

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/basclnt.html

Configuring IPSec and Certification Authorities:

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/ipsecint.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents