Cisco ASA / SSL Proxy with client-certificates

jm
Level 1

Hi All,

A customer wants to replace his old Microsoft ISA firewall with another device.

I thought of a redundant Cisco ASA pair. The new firewall has to meet the following requirement:

The new firewall has to validate SSL client-certificates against Microsoft's Active Directory and act as an SSL proxy between server and client.

Does somebody know if that is possible with a Cisco ASA? Or maybe with another Cisco product?

Thanks a ton,

Johannes

1 Reply

Favaloro.
Level 1

If by "validate SSL client-certificates against Microsoft's Active Directory" you mean have the ASA confirm that the certificate the client holds is valid, it does so by checking its CRL, in case it uses that method; it can also use OCSP, as you might know.

Now, as for the "act as an SSL proxy between server and client" thingy, I know that the newest member of the ASA firewall family, the ASA CX [it's actually a module], has a TLS/SSL proxy feature.

Couldn't find a document stating that fact though, I guess you can always reach out to your Cisco rep and get that clarified.
