
Remote Access VPN using Mutual Group Authentication (CA certificate)

s.aliyarukunju
Level 1

Dear Experts,

In my organization, we have a Cisco ASA 5540 that is configured with the remote access VPN profile. The remote VPN is configured in such a way that the user authentication will be through Microsoft LDAP (AD server).

Currently the VPN client is using the Group Authentication method and we would like to go for certificate-based authentication (Mutual Group Authentication) using a CA server. Below are my queries regarding this migration.

1. Has anyone done Remote Access VPN with a CA server?

2. Can I use the same AD server as the CA server?

3. What configuration changes are required on the ASA for the Remote VPN users to enroll the certificate with the CA server?

Kindly advise.

Regards

Shiji

2 Replies

> 1. Has anyone done Remote Access VPN with a CA server?

I used it quite often before migrating to AnyConnect.

> 2. Can I use the same AD server as the CA server?

Yes, you can. But you shouldn't. For security reasons it's better to make it a separate VM.

> 3. What configuration changes are required on the ASA for the Remote VPN users to enroll the certificate with the CA server?

The ASA-part is described here:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml#asa1

Thank you, Karsten, for your help.

I will review and apply the configuration and update you.

Thanks
