We are running 8.3 and we have the Microsoft Enterprise root CA and Enterprise Subordinate CA.
Everything seems to be working fine for the moment with user cert and user login, both being used for authentication.But I am looking for redundancy, so in case the subordinate CA is down, and ASA still has a way to verify user certs and allow VPN access.
I think you have a misunderstanding how PKI works. This is not AAA. The devices which validate a certificate do not go to the CA and ask if the cert is valid. They just check locally if the certificate that was presented by the client is signed by a trusted CA.
If you are however talking about CRL, that can be published on multiple location for redundancy and it is refreshed every hour/day.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...