VPN Concentrator using certificate authentication with MS CA
We have a VPN Concentrator 3000. Users securely connect to the concentrator to access network resources. In order to improve security, we have configured the concentrator to use digital certificates to authenticate VPN users, and for users to authenticate the concentrator.
LGCSB have a PKI infrastructure in 2 levels. We have a root CA that uses a 4096 bit key for maximum security; we also have a subordinate CA (issuing CA) that uses a 2048 bit key.
In order to allow VPN users to authenticate via certificates, the users and the concentrator must trust the certificate from the Root CA. On the workstations (VPN clients) this is a simple procedure. However, on the concentrator, when we install the Root CA certificate it fails. The error is "Error installing trusted certificate: Unable to install trusted certificate". In the event log we receive an error which states: "Unable to load trusted certificate, reason = Unable to install trusted certifica
A few tests confirm that the concentrator has a problem with any CA certificate that has a key strength greater than 2048.
Using a 4096 bit key is critical (and recommended) to the secure transactions that our organisation uses day-to-day, so it is not possible to re-configure our PKI infrastructure.