You may want to check to see if an enrollment password is required. The default installation of Server 2008 NDES will default to requiring an OTP for each enrollment request. The URL to access this interface is usually http://[Server IP]/CertSrv/mscep_admin. You will then include the SCEP Challenge Password when defining and enrolling the trustpoint.
In ASDM 6.x, you will enter the challenge password during the initial configuration of the trustpoint. Go to Configuration->Remote Access VPN->Certificate Management->Identity Certificates. Click Add to configure a new trustpoint and select the "Add a new identity certificate" option. Under Advanced, there will be three tabs. The "Enrollment Mode" tab is where you enter the SCEP URL and the "SCEP Challenge Password" tab is where you enter the OTP.
OK - forget the Windows 2008 server... I am not using that anymore...
I took an IOS router and configured it to be the CA server, which works just fine. I was able to get the CA certs and have 2 ASAs enroll with it, and was able to get the site-to-site up and running with certificates!
Now I am trying to do the same thing but via a Remote access VPN.
The problem that I have is that I have no idea how to get the CA certificate from the client PC where the VPN client is installed. Any ideas?