Cisco Support Community

IPSec RA VPN with CA Outside

Does the CA have to be outside the firewall, as diagrammed in http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008092d8f1.shtml ?

We may have an aversion to having a CA Internet accessible. Our RA VPN clients would not be so far away that they could never come into the office to get a cert first.

Thanks.

Re: IPSec RA VPN with CA Outside

With a CA, a peer authenticates itself to the remote peer by sending a certificate to the remote peer and performing some public key cryptography. Each peer sends its own unique certificate which was issued and validated by the CA. This process works because each peer's certificate encapsulates the peer's public key, each certificate is authenticated by the CA, and all participating peers recognize the CA as an authenticating authority.

Check the URL: Managing VPN Remote Access:

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/basclnt.html

Configuring IPSec and Certification Authorities:

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/ipsecint.html
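
The two checks the reply above describes (the certificate was issued by a CA both peers recognize, and the sender holds the matching private key), as an added example that is not part of the original thread. The CA and peer names (`corp-ca`, `vpn-client`), key sizes and lifetimes are assumptions, and plain `openssl` stands in for the firewall and the VPN client.

```shell
#!/bin/sh
# Constructed demo: CA/peer names, key sizes and lifetimes are assumptions.
WORK=$(mktemp -d)

# Create a CA key pair and self-signed CA certificate.
make_ca() {  # $1 = CA name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Enrollment: the peer makes a key pair and CSR, the CA signs the CSR.
issue_cert() {  # $1 = CA name, $2 = peer name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 30 \
    -out "$WORK/$2.crt" 2>/dev/null
}

# Remote peer's check 1: was the presented certificate signed by the CA
# we trust? Only the locally stored CA certificate is read.
verify_peer() {  # $1 = trusted CA name, $2 = peer name
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" 2>/dev/null |
    grep -q ': OK'
}

# Remote peer's check 2: does the sender hold the private key matching
# the certificate? Sign a fresh nonce with one key, verify the signature
# with the public key taken from the certificate.
prove_possession() {  # $1 = name on certificate, $2 = name of signing key
  openssl rand -hex 16 > "$WORK/nonce"
  openssl dgst -sha256 -sign "$WORK/$2.key" -out "$WORK/sig" "$WORK/nonce"
  openssl x509 -in "$WORK/$1.crt" -pubkey -noout > "$WORK/$1.pub"
  openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$WORK/sig" \
    "$WORK/nonce" 2>/dev/null | grep -q 'Verified OK'
}

make_ca corp-ca && issue_cert corp-ca vpn-client
verify_peer corp-ca vpn-client && echo "certificate chains to corp-ca"
prove_possession vpn-client vpn-client && echo "peer holds the private key"
```

Both checks read only files already present on the verifying peer. Revocation (CRL) checking is not modelled here.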
