Cisco Support Community
jm
Community Member

Cisco ASA / SSL Proxy with client-certificates

Hi All,

A customer wants to replace his old Microsoft ISA firewall with another device.

I thought of a redundant Cisco ASA pair. The new firewall has to meet the following requirement:

The new firewall has to validate SSL client-certificates against Microsoft's Active Directory and act as an SSL proxy between server and client.

Does somebody know if that is possible with a Cisco ASA? Or maybe with another Cisco product?

Thanks a ton,

Johannes

1 REPLY
Community Member

Cisco ASA / SSL Proxy with client-certificates

If by "validate SSL client-certificates against Microsoft's Active Directory" you mean have the ASA confirm that the certificate the client holds is valid, it does so by checking its CRL, in case it uses that method; it can also use OCSP, as you might know.

Now, as for the "act as a SSL proxy between server and client" thingy, I know that the newest member of the ASA firewall family, the ASA CX [it's actually a module], has a TLS/SSL proxy feature.

Couldn't find a document stating that fact though; I guess you can always reach out to your Cisco rep and get that clarified.
