05-23-2007 06:44 AM
Dear friends,
I need help or guide about how to setup as state in the title.
Is this configuration can be done? or the self-signed certificate can never be used for VPN certificate.
Unfortunately we can't deploy a dedicated CA Server.
But we can't use preshared-key authentication also because the configuration would force our ASA to disable the "isakmp am-disable" which is unacceptable according to our independent network auditor.
So the best solution i can think is we have to use self-signed certificate to accomodate this.
Please advice me if there is somehow i can use "isakmp am-disable" along with preshared key.
Can i generate certificate using my ASA box ? or i really need to use dedicated CA Server to make it work.
Here is an sample of the self-signed certificate from ASA but i can't import it to my Cisco VPN Client 5.0 it keep say "Error 39: Unable to import certificate"
MIIGpwIBAzCCBmEGCSqGSIb3DQEHAaCCBlIEggZOMIIGSjCCBkYGCSqGSIb3DQEH
...removed
SdCTfNIaE11Fm+rOMD0wITAJBgUrDgMCGgUABBS6s9ZMs6MoqQ0tdZuKRZuebbE3
owQU/z10f/Ew3XMfWBYSV5Eo3evqqgwCAgQA
I'll be very very grateful to any guidance provided.
Best Regards,
Sab
Solved! Go to Solution.
05-25-2007 12:27 PM
Sab,
You need to have a separate CA server to issue the certificates for the client and you need to enroll the ASA to the CA server.
You cant use the self-signed certificate on the ASA for the VPN client.
Cheers,
Gilbert
05-25-2007 12:27 PM
Sab,
You need to have a separate CA server to issue the certificates for the client and you need to enroll the ASA to the CA server.
You cant use the self-signed certificate on the ASA for the VPN client.
Cheers,
Gilbert
05-25-2007 06:40 PM
Hi Gilbert,
this was my first post in forum, Thanks to you i know that we can't use self signed certificate for IPSecVPN.
Lets back to the other threads. i believe this thread is solved.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide