New Member

RemoteAccess VPN to ASA 7.2(2) using self-signed Certificate

Dear friends,

I need help or guidance on how to set this up as stated in the title.

Can this configuration be done? Or can a self-signed certificate never be used as a VPN certificate?

Unfortunately we can't deploy a dedicated CA server.

But we also can't use pre-shared key authentication, because the configuration would force our ASA to disable "isakmp am-disable", which is unacceptable according to our independent network auditor.

So the best solution I can think of is to use a self-signed certificate to accommodate this.

Please advise me if there is some way I can use "isakmp am-disable" along with a pre-shared key.

Can I generate a certificate using my ASA box? Or do I really need to use a dedicated CA server to make it work?

Here is a sample of the self-signed certificate from the ASA, but I can't import it into my Cisco VPN Client 5.0; it keeps saying "Error 39: Unable to import certificate"

MIIGpwIBAzCCBmEGCSqGSIb3DQEHAaCCBlIEggZOMIIGSjCCBkYGCSqGSIb3DQEH

...removed

SdCTfNIaE11Fm+rOMD0wITAJBgUrDgMCGgUABBS6s9ZMs6MoqQ0tdZuKRZuebbE3

owQU/z10f/Ew3XMfWBYSV5Eo3evqqgwCAgQA

I'll be very, very grateful for any guidance provided.

Best Regards,

Sab

Accepted Solutions
Cisco Employee

Re: RemoteAccess VPN to ASA 7.2(2) using self-signed Certi

Sab,

You need to have a separate CA server to issue the certificates for the client and you need to enroll the ASA to the CA server.

You can't use the self-signed certificate on the ASA for the VPN client.

Cheers,

Gilbert

New Member

Re: RemoteAccess VPN to ASA 7.2(2) using self-signed Certi

Hi Gilbert,

This was my first post in the forum. Thanks to you, I know that we can't use a self-signed certificate for IPSec VPN.

Let's get back to the other threads. I believe this thread is solved.

Thanks
