Cisco Support Community
Community Member

Integrating ASA with a Certificate Authority

Hi All,

In accordance with the security policy of one of my clients, I need to integrate ASA5510 with a CA to authenticate Remote Access VPN users when connecting to the ASA. This is a small network with only about 50 VPN users.

I have tried speaking with some CAs such as VeriSign and Secure Computing but they said they do not provide such service to small companies like my client. Can anyone recommend a CA I can use who would be able to accommodate a small company like my client?

Thank you.

3 REPLIES
Silver

Re: Integrating ASA with a Certificate Authority

If you have such a small network, why not be your own CA server? You can use Microsoft CA server and it is free.

Community Member

Re: Integrating ASA with a Certificate Authority

Thanks. I am working on that but this document (http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml) places Microsoft CA on the Outside Interface of the ASA.

Does this mean that I need to have a dedicated server with a public IP address with Microsoft CA implemented on it? How would this server be protected since it is sitting before the firewall and not on the LAN?

Wouldn't the essence of having a CA authenticate Remote Access VPN clients be defeated since a hacker can compromise the Microsoft CA server that I would install and place before the ASA Outside interface?

Thank you.

Silver

Re: Integrating ASA with a Certificate Authority

You CAN place the Microsoft CA Server BEHIND the firewall and NAT the Microsoft CA Server through the firewall. The Server will be protected by the ASA.
