We need to put to work an access-VPN (remote clients to PIX firewall) with a Microsoft CA. We already have a Microsoft CA working with a Web-based application and would like to use the same CA for the VPN but we do not want to have users being able to mess up by using certificates issued for web access with the VPN. We know that Microsoft CA can generate certificates with flags that indicate suitable uses for the certificate (web access, VPN, etc) in addition to specifying signature/encryption only certificates.
Our question is: will Cisco VPN clients and the PIX firewall understand the flags that specify that the certificate should only be used for VPN or web access?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...