I am upgrading from PIX 515 to ASA 5520 and I need to export the private keys generated on PIX with the command `crypto key generate rsa` to ASA. That's because I want to reuse on ASA the certificate generated by the CA for PIX. Is there a way to accomplish this task other than regenerating a new key pair on ASA and re-enrolling it with the CA? Please advise.
When two devices use an Identity Certificate to initiate VPN negotiations, they actually need to prove they are actually the devices for which those certificates were issued. Following this idea, each device needs to provide certain information to the CA server in order to get this certificate properly signed by it. When two devices need to use certificates to initiate a VPN tunnel, they should not be able to use the certificate from another device to authenticate themselves. Hence it is going to be necessary to enroll the ASA device against the CA server in order to have the option to use certificates.
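The re-enrollment the reply refers to, sketched as an ASA configuration. This is an added example, not part of the original reply. It assumes manual (terminal) enrollment, and the key label `asa-vpn-key`, trustpoint name `VPN-CA` and FQDN `asa5520.example.com` are placeholders.

```cisco
! Constructed example: key label, trustpoint name and FQDN are placeholders.
! 1. Generate a new RSA key pair on the ASA. The private key stays on the device.
crypto key generate rsa label asa-vpn-key modulus 2048
!
! 2. Define the trustpoint and bind it to that key pair.
crypto ca trustpoint VPN-CA
 enrollment terminal
 fqdn asa5520.example.com
 subject-name CN=asa5520.example.com
 keypair asa-vpn-key
 exit
!
! 3. Install the CA certificate (paste the base64 text when prompted) and
!    compare the displayed fingerprint with the one published by the CA.
crypto ca authenticate VPN-CA
!
! 4. Produce the PKCS#10 request, signed with the new private key,
!    and submit it to the CA.
crypto ca enroll VPN-CA
!
! 5. Import the identity certificate the CA issued for this request.
crypto ca import VPN-CA certificate
!
! 6. Confirm that the identity certificate is installed and that it is
!    associated with the expected key pair.
show crypto ca certificates
show crypto key mypubkey rsa
```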