New Member

3rd Party and Internal CA Cert for SSL VPN

I have an SSL Client VPN configuration set up using both AAA and cert for authentication. I am using internal MS PKI for my cert deployment. My question is: what if I also want to do clientless connections to this same ASA? I have my ASA's identity cert trustpoint on the outside interface, but it is only signed by my internal CA, not a public CA. So if anyone outside my company attempts to connect, they would see a certificate warning page, correct?

3 REPLIES

3rd Party and Internal CA Cert for SSL VPN

Hello,

Exactly, they will see that until they install it in their trusted certificate store. This is because the source of the certificate is not trustworthy on the public internet.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

Re: 3rd Party and Internal CA Cert for SSL VPN

There is no way to use different identity certs based on connection profiles?

Re: 3rd Party and Internal CA Cert for SSL VPN

Hello,

Is this what you are talking about?

http://www.runtrocks.com/certificate-mapping-for-tunnel-groups-on-a-cisco-asa/

If that's the case, as you can see, the answer is yes.


Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC