ASA 5505 and certifiates authentification.

dmitry042 · ‎03-23-2010

ASA 5505 and certifiates authentification. i have Cisco ASA 5505, need to create vpn gateway, using mixed methos of athentification, it`s mean username password and certificate (prefer to use only cisco, so local user database and CA server), can somebody give me a link to documentation step by step how i can do this?

Maybe i need some additional equipmnet?

Jennifer Halim · ‎03-23-2010

Assuming you would like sample configuration for IPSec VPN Client with certificate authentication and local database xauth:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml

Hope that helps.

dmitry042 · ‎03-23-2010

thak for help

but in this document used Microsoft CA as CA Server, i want to use internal ASA CA server,may be some other guide?

Jennifer Halim · ‎03-23-2010

Here is how to configure ASA as a CA server:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/cert_cfg.html

Hope that helps.

dmitry042 · ‎03-23-2010

yes i see it before too

but when y try to do this i have next few questions

1.before activate local CA server i need to instal root CA certificate or it will be done automatcly if i use asdm?

2. when i try to open next link https://ip address of cisco/+CSCOCA+/enroll.html using username otp password, i can`t athorize, may be some additional parametrs need, for example groupname/username?

p.s. i misunderstood how username from certifiates database will be recognized in local user database, because mixed type of athetification, at first post