I am working on a project where an ASA Ver 8.0 is terminating SSL VPN Web Peers.
The setup works fine, however I am experiencing issues with certificates.
What I wanted to do was issue a certificate using the new Local CA found in the new code release. I have set this up, and can generate OTPs via email etc.
The user downloads and installs a certificate and this also works fine. The problem I have is an age-old issue with trust relationships.
For some reason, when I attempt to connect to the SSL VPN, I pass the identity certificate phase but I am then asked for a secondary cert, which looks like a default ASA one. This of course is untrusted.
My question is, why am I given a secondary certificate, having passed the identity stage?