Remote Access VPN using Mutual Group Authentication (CA certificate)

s.aliyarukunju
Level 1

Dear Experts,

In my organization, we have a Cisco ASA 5540 that is configured with the remote access VPN profile. The Remote VPN is configured in such a way that the user authentication will be through Microsoft LDAP (AD server).

Currently the VPN client is using the Group Authentication method and we would like to go for certificate-based authentication (Mutual Group Authentication) using a CA server. Below are my queries regarding this migration.

1. Has anyone done Remote Access VPN with a CA server?

2. Can I use the same AD server as the CA server?

3. What configuration changes are required in the ASA for the Remote VPN users to enroll the certificate with the CA server?

Kindly advise.

Regards

Shiji

2 Replies

> 1. Has anyone done Remote Access VPN with a CA server?

I used it quite often before migrating to AnyConnect.

> 2. Can I use the same AD server as the CA server?

Yes, you can. But you shouldn't. For security reasons it's better to make it a separate VM.

> 3. What configuration changes are required in the ASA for the Remote VPN users to enroll the certificate with the CA server?

The ASA part is described here:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml#asa1

Thank you, Karsten, for your help.

I will review and apply the configuration and update you.

Thanks
