Process to upgrade Certs in NAC 4.7.2 OOB VG HA environment
I am in the process of replacing the CCA manager certificate which is about to expire. My environment is HA and as such consists of two CAM servers and two pairs of HA-CAS servers.
First - I have submitted and generated the CAM server certificate (easy enough, as the CAM SSL is accessible via the GUI). I think, although I'm not sure, that I need to generate a new cert for the CAS(S).
If I do, I need to access at least one CAS in an HA pair via the GUI. Does it matter which one? When I attempt to GUI to the "secondary" CAS in a pair I am of course being treated like a device that needs to be "NAC'd".
To access the CAS I think I need to stop perfigo services which should drop me out of the HA pair. True?
Will I need to take each server out of "service" to update the cert?
If there is a documented sequence of events I would love to see it.