Remote Access VPN using Mutual Group Authentication (CA certificate)

Unanswered Question
Jul 1st, 2012

Dear Experts,

In my organization, we have a Cisco ASA 5540 that is configured with the remote access VPN profile. The Remote VPN is configured in such a way that the user authentication will be through Microsoft LDAP (AD server).

Currently the VPN client is using the Group Authentication method and we would like to go for certificate-based authentication (Mutual Group Authentication) using a CA server. Below are my queries regarding this migration.

1. Has anyone done Remote Access VPN with a CA server?

2. Can I use the same AD server as the CA server?

3. What configuration changes are required on the ASA for the Remote VPN users to enroll the certificate with the CA server?

Kindly advise.

Regards

Shiji

Karsten Iwen Sun, 07/01/2012 - 07:48

> 1. Has anyone done Remote Access VPN with a CA server?

I used it quite often before migrating to AnyConnect.

> 2. Can I use the same AD server as the CA server?

Yes, you can. But you shouldn't. For security reasons it's better to make it a separate VM.

> 3. What configuration changes are required on the ASA for the Remote VPN users to enroll the certificate with the CA server?

The ASA part is described here:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml#asa1

s.aliyarukunju Wed, 07/04/2012 - 12:03

Thank you, Karsten, for your help.

I will review and apply the configuration and update you.

Thanks

Posted July 1, 2012 at 2:27 AM