
AnyConnect with LDAP-S

battanc
Level 1

Cisco ASA 5515-X 

AnyConnect VPN with LDAP authentication (2 Domain Controllers).

I need to use LDAP-S to get the password-management.

At the ASA side, it is sufficient to enable LDAP over SSL.

On the Domain Controllers (2 Windows/2008) to enable LDAP-S I must use a certificate.

 

The Question is:

Can I use a self-signed "Identity Certificate" generated on the firewall itself?

For example, the same one used for AnyConnect clients, or a new one?

And with what parameters must I create it? 

 

Thanks,

Claudio

3 Replies

rizwanr74
Level 7

Hi Battanc,

 

Yes, you can use a self-signed certificate from the ASA itself.

Please check the attached doc from Cisco.

 

Thanks

 

 

 

However, this does NOT answer my question, which maybe was not very clear.

The question is: can I use a "self-signed" certificate for LDAP-S?

 

Claudio

rizwanr74
Level 7

Hi Claudio,

 

The answer is yes.

 

"Step 1. Configure a Self-Issued Certificate"

 

Thanks
