I have a PIX 515E 6.3(5) and I have a problem I simply cannot find an answer for!
We use a certificate for a VPN we have with a 3rd party, and the certificate is due for renewal in the next couple of weeks. The guy that did this originally has left the company and I've never done this before. I'm pretty certain he generated the original certificate request on this firewall.
I have this information (names changed, serials altered, etc):
ca identity mydomain.com 216.x.x.39:/cgi-bin
ca configure mydomain.com ca 1 20 crloptional
myfirewall# sh ca cert
Certificate Serial Number: xxx
Key Usage: General Purpose
UNSTRUCTURED NAME = myfirewall.mydomain.com + CN = myfirewall.mydomain.com
start date: 00:00:00 UTC Aug 24 2006
end date: 23:59:59 UTC Aug 24 2007
I've looked at using the ca enroll command but I need to keep this VPN up while the certificate is renewed if possible.