The SSL Web VPN certificate on my ASA 5540 pair is expiring. I have received a new certificate from COMODO. The current certificate was created 3 years ago using a 1024 bit key. I have received a Certificate from the CA. The CSR request was generated by my colleague who is on vacation, unfortunately.
a. Now I am trying to figure whether it was 2048 key CSR request?
b. I am also not sure whether I need a new Identity Certificate and new key pair with 2048 size?
c. Also not too sure about the Trust Point to associate with the key.
d. Can I use all old settings and just copy paste the certificate?
e. Also what I will have to do on secondary ASA??
I am guessing that since I am just renewing the certificate I don’t have to follow all steps. For the following link it looks like I just need to start from step 8. Can anyone please confirm or suggest a better link!!
That procedure is a good one to follow. You should see the pending certificate request if indeed the CSR was made from that ASA. Once you import and save and validate the new certificate is being used, you should be OK. The bottom of that procedure addresses the steps to synchronize the certificate on the standby unit.
The trustpoint your SSL VPN is using should be the one bound to the outside interface. It is identified in the configuration file with a line like:
ssl trust-point outside
You can find it in ASDM by using the tool for command line and entering the command "show run | i trust-point"
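Questions a, b and d above come down to three checks you can run on a workstation before touching the ASA: what key size the CSR carried, what key size the CA actually certified, and whether the issued certificate belongs to the pending request (it will only import into the trustpoint whose keypair matches). The script below is an added example, not part of the thread, and uses only the openssl CLI. It generates a throwaway 2048-bit key, CSR and self-signed certificate as constructed fixtures so it runs offline; in practice point CSR at the request your colleague generated (if it was saved) and CERT at the file COMODO returned.

```shell
#!/bin/sh
# Added example (not from the original thread): pre-import sanity checks for a
# renewed SSL VPN certificate. Requires the openssl command-line tool.
set -eu

WORK=$(mktemp -d)
KEY="$WORK/vpn.key"     # stands in for the ASA's RSA keypair
CSR="$WORK/vpn.csr"     # stands in for the pending trustpoint request
CERT="$WORK/vpn.crt"    # stands in for the certificate the CA sent back

# Constructed fixtures: a 2048-bit key, a CSR for it, and a self-signed cert
# answering that CSR. Replace with your real CSR/CERT files when using this.
openssl genrsa -out "$KEY" 2048 2>/dev/null
openssl req -new -key "$KEY" -out "$CSR" -subj "/CN=vpn.example.com" 2>/dev/null
openssl x509 -req -in "$CSR" -signkey "$KEY" -days 365 -out "$CERT" 2>/dev/null

# Question a: key size the CSR was generated with.
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Question b: key size the CA certified. If this prints 1024, a new 2048-bit
# keypair, trustpoint and CSR are needed; if 2048, the existing pair is fine.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Question d: the certificate only pairs with the trustpoint whose pending CSR
# carries the same public key. Compare the keys, not the filenames.
cert_matches_csr() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    csr_pub=$(openssl req -in "$2" -noout -pubkey | openssl sha256)
    [ "$cert_pub" = "$csr_pub" ]
}

# Returns success if the certificate is still valid $2 days from now; use it
# after import ("validate the new certificate is being used" in the answer above).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

echo "CSR key size : $(csr_key_bits "$CSR") bit"
echo "Cert key size: $(cert_key_bits "$CERT") bit"
if cert_matches_csr "$CERT" "$CSR"; then
    echo "Certificate matches the CSR's public key: import it into that trustpoint"
else
    echo "Certificate does NOT match this CSR: it belongs to a different keypair"
fi
cert_valid_for_days "$CERT" 30 && echo "Certificate valid for at least 30 more days"
```

If the key sizes agree and the public keys match, the certificate is the one for the pending request on the ASA and can be pasted in with `crypto ca import <trustpoint> certificate`; if the CA's certificate is 1024-bit, or the keys differ, the renewal needs a fresh 2048-bit keypair and a new CSR rather than a paste of the old settings.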