I'm assuming this is possible, but I can't seem to find any documentation on the subject. What I'm looking to do is to associate a webvpn group-url (which is tied to an SSL Tunnel group) to a certificate of the same name, so that I can avoid cert errors when connecting to that specific group URL. I'm able to create an ID cert just fine; however, it looks like I can only associate one cert per interface. Any ideas if what I'm trying to do here is possible?
Thanks for your reply. This is actually to resolve a URL name to an SSL group name using the host headers sent by the browser. As far as applying the cert to the default group policy, could you elaborate on exactly which commands you are referring to?
Got some info back from Cisco TAC. Apparently this was a little easier than I originally thought. You can create multiple CNs within a single certificate, and assign that one cert to the interface you choose. In the CLI, it looks like this:
crypto ca trustpoint john
 subject-name CN=sales.company.com,CN=engineering.company.com
 ! NOTE: OU, S, O would all follow after this if I had them defined
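An added example, not part of the original thread and not Cisco's code: a small Python audit that reads an ASA configuration and lists every group-url whose hostname is not among the CNs in the trustpoint's subject-name, so a missing name is caught before users hit a certificate error. The trustpoint is the one from the post; the tunnel-group names and group-url lines in the sample are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample config: the trustpoint is the one from the post; the
# tunnel-group names and group-url lines are assumed for illustration.
SAMPLE_CONFIG = """\
crypto ca trustpoint john
 subject-name CN=sales.company.com,CN=engineering.company.com
tunnel-group SALES webvpn-attributes
 group-url https://sales.company.com enable
tunnel-group ENGINEERING webvpn-attributes
 group-url https://engineering.company.com/ enable
tunnel-group FINANCE webvpn-attributes
 group-url https://finance.company.com enable
"""

def trustpoint_cns(config):
    """Map each trustpoint name to the lower-cased CN values in its subject-name."""
    cns, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):          # top-level command ends the sub-mode
            m = re.match(r"crypto ca trustpoint (\S+)", line)
            current = m.group(1) if m else None
        elif current and line.strip().startswith("subject-name "):
            rdns = line.strip().split(None, 1)[1].split(",")
            cns[current] = {v.strip().lower() for k, _, v in
                            (r.partition("=") for r in rdns)
                            if k.strip().upper() == "CN"}
    return cns

def uncovered_group_urls(config, trustpoint):
    """Return (tunnel-group, host) pairs whose group-url host has no matching CN."""
    names = trustpoint_cns(config).get(trustpoint, set())
    missing, group = [], None
    for line in config.splitlines():
        m = re.match(r"tunnel-group (\S+) webvpn-attributes", line)
        if m:
            group = m.group(1)
        elif not line.startswith(" "):        # any other top-level command
            group = None
        elif group and line.strip().startswith("group-url "):
            host = (urlsplit(line.split()[1]).hostname or "").lower()
            if host not in names:
                missing.append((group, host))
    return missing

if __name__ == "__main__":
    for group, host in uncovered_group_urls(SAMPLE_CONFIG, "john"):
        print(f"{group}: {host} is not a CN in trustpoint john")
```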