Re: Cisco ASA remote access VPN with Certs

networker99 · ‎01-18-2012

Hi,

Is there a way I can configure a remote access VPN on a Cisco 5505 using digital certs instead of pre-shared key. I dont want to use a 3rd party CA, can the ASA perform this role? with a self signed cert?

Thanks

andrew.prince · ‎01-18-2012

Have a look a the below

http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

networker99 · ‎01-18-2012

Both RA RSA examples involve using a MS CA?

andrew.prince · ‎01-18-2012

Yes - and they are examples to give you an idea on which direction you need to go in. And I am pretty sure someone has either done or close to what you want to do - use your favorite search engine and have a look?!

networker99 · ‎01-18-2012

I have read those articles and no they dont help, hence specifying using the ASA. and yes I am looking for the answer on an SE

andrew.prince · ‎01-18-2012

So you looked at all the config examples??

So you want to use VPN with Digital Certs - but with a self signed cert on the ASA....

1) How to on digital certs

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml

So you just ignore the bit about the MS CA

2) How to on createing the self signed cert of the ASA

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

So you ignore everything about the AnyConnect config

Fo the client certs - you are on your own there!!!

rizwanr74 · ‎01-18-2012

Here is a link, below from Cisco, will help you with the config and it is a quite a mouthful.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml

Thanks

Rizwan Rafeek