03-30-2015 01:34 PM
Currently we are building a site-2-site VPN tunnel with our customer. Usually we use a pre-shared key for authentication with other customers without any issue, but this time we have to use certificate authentication. The problem is that our CA is different from theirs. I tried it a few times, but it failed. Could anybody please let me know whether we have to own a certificate issued by the same CA to create the VPN tunnel?
Thanks a lot!
04-05-2015 11:59 AM
Hi,
You may want to review this document for an easy example of setting up a S2S VPN using certificates on an ASA:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080aa5be1.shtml
Basically both sides will need to have the same CA certificate, and if there is an intermediate certificate, that should be installed also. The 2 ASAs will generate a CSR (Certificate Signon Request). Then the PKI will create a certificate for both sides, usually known as the "Identity certificate".
Please proceed to rate and mark as correct the helpful post!
David Castro,
Regards,
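The enrollment flow described in the answer above (the device generates a CSR, the PKI signs it into an identity certificate, and the peer checks that certificate against the CA certificate it has installed), reproduced with the `openssl` CLI rather than ASA commands. This is an added example, not part of the thread; the CA names, host name and file layout are constructed for the lab.

```shell
#!/bin/sh
# Constructed lab: LabCA-A, LabCA-B and asa-site1.example.test are made-up names.

make_ca() {  # $1 = CA directory, $2 = CA common name
    mkdir -p "$1"
    # Self-signed root certificate standing in for the PKI's CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_identity() {  # $1 = CA directory, $2 = device directory, $3 = device CN
    mkdir -p "$2"
    # Device side: key pair plus CSR (the private key stays on the device)
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2/id.key" -out "$2/id.csr" 2>/dev/null
    # PKI side: sign the CSR, which yields the identity certificate
    openssl x509 -req -in "$2/id.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$2/id.crt" 2>/dev/null
}

peer_accepts() {  # $1 = CA certificate installed on the peer, $2 = presented certificate
    # Exit status 0 only if the presented certificate chains to the installed CA
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo: one identity certificate checked by a peer holding each CA certificate
LAB=$(mktemp -d)
make_ca "$LAB/ca-a" "LabCA-A"
make_ca "$LAB/ca-b" "LabCA-B"
issue_identity "$LAB/ca-a" "$LAB/site1" "asa-site1.example.test"
for ca in ca-a ca-b; do
    if peer_accepts "$LAB/$ca/ca.crt" "$LAB/site1/id.crt"; then
        echo "peer with $ca installed: identity certificate accepted"
    else
        echo "peer with $ca installed: identity certificate rejected"
    fi
done
rm -rf "$LAB"
```

The rejection in the second case is the chain-validation failure a peer reports when the certificate of the CA that issued the presented identity certificate is not installed on it.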
04-09-2015 07:39 AM
Thanks David for your assistance....