I had a question about the limitations of an ASA 5505 and using it as a CA. The setup would be as follows:
2 ASA 5520s set up for high availability failover.
1 ASA set up with a local CA server.
If I had to set up a VPN to connect to an interface on the ASA 5520s and wanted to require certificates as a secondary authentication, could they use an ASA 5505 as a CA to retrieve and verify stored certificates? The issue I ran into was not being able to set up a local CA server on the failover pair, and I was hoping to use an ASA 5505 with a local CA server to act as a distribution point. I have been researching various configurations similar to this but have not found definitive information on whether it is even possible.
If someone could verify whether this is even possible and/or point me in the right direction, it would be greatly appreciated.
Thank you,
Rick