cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
368
Views
0
Helpful
2
Replies

Concentrator 3000: X.509 cert on Pub Interface...

abatson
Level 1
Level 1

I have a requirement to find out how, if at all, the Cisco VPN Client can use an X.509 certificate to prove the validity of a VPN Concentrator. -Much like a web browser uses an SSL cert to prove that a given webserver is valid. Note that I do not need to do cert-based authentication. I see that I can install a cert on the Public Interface on the concentrator, but can someone tell me how, if at all this can play a role in how the client checks the validity of the concentrator its logging into?

2 Replies 2

smukhanin
Level 1
Level 1

Client checks certificate validity with CA root certificate, concentrator will have cert frome the same CA with root certificate also...so they will trust both if they trust same CA..

I think thats true :)

My Pub interface currently has a self-signed cert on it. --Since this can't be followed back to a trusted CA, why can my VPN clients connect at all? --What policy (and where) causes the VPN client to be able to connect (or denies connection) if the cert being sent from the Concentrator can't be follwed back to a trusted root?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: