07-01-2012 02:27 AM - edited 03-11-2019 04:25 PM
Dear Experts,
In my organization, we have a Cisco ASA 5540 that is configured with the remote access VPN profile. The remote VPN is configured in such a way that user authentication goes through Microsoft LDAP (AD server).
Currently the VPN client is using the Group Authentication method and we would like to go for certificate-based authentication (Mutual Group Authentication) using a CA server. Below are my queries regarding this migration.
1. Has anyone done Remote Access VPN with a CA server?
2. Can I use the same AD server as the CA server?
3. What configuration changes are required on the ASA for the remote VPN users to enroll the certificate with the CA server?
Kindly advise.
Regards
Shiji
07-01-2012 07:48 AM
>1. Has anyone done Remote Access VPN with a CA server?
I used it quite often before migrating to AnyConnect.
>2. Can I use the same AD server as the CA server?
Yes, you can. But you shouldn't. For security reasons it's better to make it a separate VM.
>3. What configuration changes are required on the ASA for the remote VPN users to enroll the certificate with the CA server?
The ASA part is described here:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml#asa1
07-04-2012 12:03 PM
Thank you, Karsten, for your help.
I will review and apply the configuration and update you.
Thanks