In the process or redisgning current VPN deployment. Currently we have 300+ ASAs and 100 remote users on Windows Domain (Both are growing). Would like to use Certificates instead of Preshared Keys. Have some questions about the CA.
1) What are the pros and cons between using Enterprise or Standalone CA?
1a) What is more secure and more reliable?
1b) If we already have a domain, does using enterprise help? Benefits or problems?
2) Is it better to use 3rd party CA or manage one ourselves?
3) Any configuration tips or suggestions?