09-10-2009 10:15 AM
I have a requirement to find out how, if at all, the Cisco VPN Client can use an X.509 certificate to prove the validity of a VPN Concentrator. -Much like a web browser uses an SSL cert to prove that a given webserver is valid. Note that I do not need to do cert-based authentication. I see that I can install a cert on the Public Interface on the concentrator, but can someone tell me how, if at all this can play a role in how the client checks the validity of the concentrator its logging into?
09-11-2009 07:11 AM
Client checks certificate validity with CA root certificate, concentrator will have cert frome the same CA with root certificate also...so they will trust both if they trust same CA..
I think thats true :)
09-11-2009 10:16 AM
My Pub interface currently has a self-signed cert on it. --Since this can't be followed back to a trusted CA, why can my VPN clients connect at all? --What policy (and where) causes the VPN client to be able to connect (or denies connection) if the cert being sent from the Concentrator can't be follwed back to a trusted root?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide