In a scenario of "SSL VPN+Citrix", we are facing a problem that the ASA5540 re-writes the SSLProxyHost in the ICA file to the IP address of the Outside interface of the 5540. Is there any way to re-write the SSLProxyHost to an FQDN on the ASA5540, like "vpn.test.com:443"? I didn't find it in the user guide.
Are you using a Self-Signed Certificate for the External ASA interface? And is the CN field of the certificate set to the IP Address of the ASA?
If you are, then please re-create another Self-Signed certificate (or External, if you are using an External CA) where the CN field is equal to the FQDN of the ASA. The re-write function takes the CN field of the external SSL Certificate when writing the SSLProxyHost.
Unfortunately, we're using the local user database with passwords to authenticate SSL clients.
So in this scenario, is there any workaround to re-write the entry of SSLProxyHost? I checked the ASA user guide, but failed to find anything related to that. What I want to do is to replace the IP address with an FQDN in SSLProxyHost.
It seems I can create a self-signed certificate assigned to the outside interface where the SSL VPN terminates, does that make sense? I don't have a lab to test it.
It doesn't matter that you are using Local Authentication.
You are right, you just need to create a Self-Signed certificate and assign it to the Outside ASA interface. Just make sure that when creating the self-signed certificate you are using the FQDN as the CN.
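To confirm the result after replacing the certificate, the following added example (not part of the original thread, and not Cisco or Citrix code) parses an ICA file and reports whether each SSLProxyHost entry is still an IP literal or now carries the expected FQDN. The sample ICA content, the section names and the address 203.0.113.10 are constructed for illustration; vpn.test.com is the name used in the question.

```python
import configparser
import ipaddress

# Constructed sample of an ICA file as delivered to the client (values are made up).
SAMPLE_ICA = """\
[WFClient]
Version=2

[ApplicationServers]
Notepad=

[Notepad]
Address=10.1.1.20:1494
InitialProgram=#Notepad
SSLEnable=On
SSLProxyHost=203.0.113.10:443
"""

def split_host_port(value):
    """Split 'host:port'; also accepts a bracketed IPv6 literal such as '[::1]:443'."""
    value = value.strip()
    if value.startswith("["):
        host, _, rest = value[1:].partition("]")
        return host, rest.lstrip(":")
    host, _, port = value.rpartition(":")
    return (host, port) if host else (port, "")

def check_ssl_proxy_host(ica_text, expected_fqdn):
    """Return (section, value, verdict) for every SSLProxyHost entry in the file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # ICA keys are mixed case; keep them as written
    cp.read_string(ica_text)
    findings = []
    for section in cp.sections():
        for key, value in cp.items(section):
            if key.lower() != "sslproxyhost":
                continue
            host, _port = split_host_port(value)
            try:
                ipaddress.ip_address(host)
                verdict = "ip-literal"  # rewrite still emits the interface address
            except ValueError:
                same = host.lower() == expected_fqdn.lower()
                verdict = "ok" if same else "unexpected-name"
            findings.append((section, value, verdict))
    return findings

if __name__ == "__main__":
    for finding in check_ssl_proxy_host(SAMPLE_ICA, "vpn.test.com"):
        print(finding)
```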