Site to Site VPN with certificate authentication using ASA as LOCAL CA Server

Mohammed Islam
Level 1

Hi,

As the title suggests I am planning on rolling out site to site VPN using ASA as a local CA Server.

I have been looking around on the forums and cisco.com but cannot see any form of documentation on using the ASA as the local CA for site to site.

Is this possible?  If so can someone point me in the right direction please.

Many thanks.

Regards

Mo

3 Replies

Maykol Rojas
Cisco Employee

Hi,

Nope, as far as I know, the CA server capability is only on IOS software, not on the ASA.

Mike.

Mike

No, the ASA does allow creation of a CA server, but from what I've read online it only supports client-based and web-based VPN (IPSEC and SSL). There is no mention of site-to-site IPSEC.

FYI, I have created CA locally on the ASA previously and it does support it 100%.

New stuff

But why does it not work for site to site? I mean, if both peers are able to get a certificate from the ASA, I don't know what could go wrong creating the tunnel.

Let me know.

Mike

Mike