I am using an MS certificate authority (CA) to issue certificates to VPN routers using the SCEP add on. The template that the CA is using for this specifies a certificate lifetime of 2 years but the certs that the routers are receiving expire in 1 year.
I can't tell if the routers are requesting this shorter lifetime (and if they are I can't find any way to change the default), or if the SCEP plugin is causing this.
I need to either get this to 2 years or figure out how to get the routers to renew automatically (auto-enroll) while the CA requires a SCEP challenge password. I can get auto-enroll working when there isn't a challenge password, but it fails when that's turned on.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...