I'm having some problems with certs in a failover pair.
I've imported a wildcard cert onto the primary node in a failover pair. This cert was then bound to the outside interface. This is working on the primary node fine for clientless SSL VPNs. I also imported the CA cert.
When we fail over to the secondary node, the identity cert doesn't exist. The key is there and the CA cert is there, but there are no identity certificates installed.
As I need this to work properly during a failover, this isn't a good situation. Can anyone help get this sorted?
You should be able to copy the cert over to the secondary ASA. The easiest way is to create a backup in ASDM and select All. The cert will be backed up in PKCS12 format which can then be installed on the secondary ASA.