09-10-2009 10:15 AM
I have a requirement to find out how, if at all, the Cisco VPN Client can use an X.509 certificate to prove the validity of a VPN Concentrator, much like a web browser uses an SSL cert to prove that a given webserver is valid. Note that I do not need to do cert-based authentication. I see that I can install a cert on the Public Interface on the concentrator, but can someone tell me how, if at all, this can play a role in how the client checks the validity of the concentrator it's logging into?
09-11-2009 07:11 AM
Client checks certificate validity with CA root certificate, concentrator will have cert from the same CA with root certificate also... so they will trust both if they trust same CA.
I think that's true :)
09-11-2009 10:16 AM
My Pub interface currently has a self-signed cert on it. Since this can't be followed back to a trusted CA, why can my VPN clients connect at all? What policy (and where) causes the VPN client to be able to connect (or denies connection) if the cert being sent from the Concentrator can't be followed back to a trusted root?