03-23-2010 04:43 AM
ASA 5505 and certificate authentication. I have a Cisco ASA 5505 and need to create a VPN gateway using mixed methods of authentication, meaning username/password and certificate (I prefer to use only Cisco, so local user database and CA server). Can somebody give me a link to step-by-step documentation on how I can do this?
Maybe I need some additional equipment?
03-23-2010 05:37 AM
Assuming you would like a sample configuration for IPSec VPN Client with certificate authentication and local database xauth:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml
Hope that helps.
03-23-2010 05:40 AM
Thanks for the help,
but this document uses Microsoft CA as the CA server. I want to use the internal ASA CA server; maybe there is some other guide?
03-23-2010 05:51 AM
Here is how to configure ASA as a CA server:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/cert_cfg.html
Hope that helps.
03-23-2010 05:58 AM
Yes, I saw it before too,
but when I try to do this I have the next few questions:
1. Before activating the local CA server, do I need to install a root CA certificate, or will it be done automatically if I use ASDM?
2. When I try to open the link https://ip address of cisco/+CSCOCA+/enroll.html using the username and OTP password, I can't authorize. Maybe some additional parameters are needed, for example groupname/username?
P.S. I misunderstood how the username from the certificates database will be recognized in the local user database, because of the mixed type of authentication in the first post.