I have worked on NAC projects, but recently, working with failover, I have some doubts.
In easy-to-understand terms, what exactly is the process to configure failover with certificates generated by a CA?
1 - CA to be the domain?
Let's take an easy example: I have CAS01 (real IP) and CAS02 (real IP).
2 - On CAS01 I access the tab "X509 Certification Request" and generate a CSR with the information:
CN = CAS.domain; CAS = (ip service)
3 - I select the private key + certificate request and click Export (save) = CSR.pem, the certificate request generated by CAS01, and import this file to the CA, which will generate the certificate.cert (based on the CSR and the private key of CAS01).
4 - With the file certificate.cert in hand, I load it on CAS01 (X509 Certificate tab) + root.cert (CA certificate, Trusted Certificate Authorities tab).
5 - I'll do the failover configuration in this tab to complete the steps on CAS01.
According to the documentation, I use the same certificate + private key and load them on CAS02. But when I do this I get a message like "private key not found".
In another case, when I exported the certificate + private key (CAS01 - X509 Certificate tab) and imported them to CAS02, CAS02 took the service IP, and CAS01 and CAS02 were both inaccessible. What is the correct way when using certificates generated by a CA?
Can we describe in detail the process on CAS02? Is there anything incorrect on CAS01?
In case of CA signed certificates, you would follow the same procedure. The only difference is that before you start installing the certificate, make sure that the root certificate from the CA is installed in the Trusted Certificate Authorities of both the CASs. Once that is in place, generate the cert from one CAS, and then install the pvk+cert on both.
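A pre-import check for the procedure above, added here as an example and not part of the original thread or of any Cisco tooling: it confirms that the exported private key belongs to the CA-issued certificate and that the certificate chains to the root before the pair is installed on both CASs. The file names, the CN `cas.example.test` and the `make_sample` helper (which builds constructed throwaway test material) are assumptions.

```shell
#!/bin/sh
# Added example: verify a cert + private key + root set before importing
# the same pair on CAS01 and CAS02. Requires the openssl CLI.

# Usage: check_failover_pair <cert.pem> <key.pem> <root.pem>
# Returns 0 only if the key matches the cert and the cert chains to the root.
check_failover_pair() {
  # Public key embedded in the certificate (PEM).
  cfp_cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || {
    echo "cannot read certificate: $1" >&2; return 2; }
  # Public key derived from the private key (PEM, same encoding).
  cfp_key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || {
    echo "cannot read private key: $2" >&2; return 2; }
  # A mismatch here means the key is not the one the CSR was generated with.
  [ "$cfp_cert_pub" = "$cfp_key_pub" ] || {
    echo "private key does not match certificate" >&2; return 1; }
  # The root must be the one installed under Trusted Certificate Authorities.
  openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 || {
    echo "certificate does not chain to the given root" >&2; return 1; }
  # Show the subject so the CN can be compared with the service name or IP.
  openssl x509 -in "$1" -noout -subject
}

# Constructed sample material (hypothetical names): a throwaway root CA,
# a CAS key + CSR signed by that root, and an unrelated key.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Root CA" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=cas.example.test" \
    -keyout "$1/cas.key" -out "$1/cas.csr" 2>/dev/null
  openssl x509 -req -in "$1/cas.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 1 -out "$1/cas.pem" 2>/dev/null
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# When run as a script with three arguments, check those files.
if [ "$#" -eq 3 ]; then
  check_failover_pair "$@"
fi
```

Run it as `sh check.sh cert.pem key.pem root.pem` against the files exported from the first CAS; a non-zero exit means the set should not be imported on the second one.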