07-01-2012 02:27 AM - edited 03-11-2019 04:25 PM
Dear Experts,
In my organization, we have a Cisco ASA 5540 that is configured with the remote access VPN profile. The Remote VPN is configured in such a way that the user authentication will be through Microsoft LDAP (AD server).
Currently the VPN client is using the Group Authentication method and we would like to go for certificate-based authentication (Mutual Group Authentication) using a CA server. Below are my queries regarding this migration.
1. Has anyone done Remote Access VPN with a CA server?
2. Can I use the same AD server as the CA server?
3. What configuration changes are required on the ASA for the Remote VPN users to enroll the certificate with the CA server?
Kindly advise.
Regards
Shiji
07-01-2012 07:48 AM
>1. Has anyone done Remote Access VPN with a CA server?
I used it quite often before migrating to AnyConnect.
>2. Can I use the same AD server as the CA server?
Yes, you can. But you shouldn't. For security reasons, it's better to make it a separate VM.
>3. What configuration changes are required on the ASA for the Remote VPN users to enroll the certificate with the CA server?
The ASA part is described here:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml#asa1
07-04-2012 12:03 PM
Thank you, Karsten, for your help.
I will review and apply the configuration and update you.
Thanks