VPN with certificates

Hi,

I want to configure a site-to-site VPN with digital certificates.

How can I install a CA on the ASA 5520? The ASA must use the certificate from the local CA and also use the public certificate from the VPN server on the other side of the tunnel.

IOS 8.0(3) is installed on the ASA.

Thanks for your help.

1 ACCEPTED SOLUTION

Re: VPN with certificates

I think the ASA can have multiple trustpoints at the same time. You can see a sample configuration on how to load a cert from a Microsoft CA:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008073b12b.shtml

For other commercial vendors you can find instructions on their respective websites.

Some other examples:

http://www.cisco.com/warp/public/471/verisign-install-asa.pdf

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808a61cd.shtml

Regards

Farrukh

Re: VPN with certificates

Thank you for your answer.

Our CA must be installed on the ASA. There is no CA on the other side of the VPN. The certificate was manually generated by a tool.

How can I import the manually generated public certificate from the other side of the VPN into my ASA? No import from a CA.

Re: VPN with certificates

Well, first you need to have the certificate of the CA that granted/issued this certificate loaded on the ASA. Does this 'tool' have a certificate like a normal Certificate Authority does?

Then you can just import the certificate issued by this tool using the normal manual enrollment process.

Regards

Farrukh
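
Added example, not part of the original thread or of the linked Cisco documents: a sketch of the manual (terminal) enrollment described above, with one trustpoint for the ASA's own identity certificate and a second that holds only the certificate of the CA that issued the peer's certificate. The trustpoint names, key label, subject name and peer address 192.0.2.1 are placeholders chosen for illustration.

```cisco
! --- Key pair and trustpoint for the ASA's own identity certificate ---
crypto key generate rsa label vpn-key modulus 2048
crypto ca trustpoint LOCAL-CA
 enrollment terminal
 subject-name CN=asa.example.com
 keypair vpn-key
 exit
! Load the issuing CA's certificate (paste base64, finish with "quit").
! Compare the displayed fingerprint with one obtained out of band
! before accepting it.
crypto ca authenticate LOCAL-CA
! Generate the PKCS#10 request and submit it to the CA
crypto ca enroll LOCAL-CA
! Import the identity certificate the CA returns (paste base64, "quit")
crypto ca import LOCAL-CA certificate

! --- Second trustpoint: only the CA that issued the peer's certificate ---
crypto ca trustpoint PEER-CA
 enrollment terminal
 exit
crypto ca authenticate PEER-CA

! --- Use certificates (RSA signatures) for the site-to-site tunnel ---
crypto isakmp policy 10
 authentication rsa-sig
tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 trust-point LOCAL-CA

! --- Verify what is installed: subject, issuer, validity dates ---
show crypto ca certificates
```

The peer's own certificate does not need to be imported: the ASA validates it during IKE against the CA certificate held in PEER-CA.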

Re: VPN with certificates

We have installed a Microsoft CA and it is working fine.

Thanks for your help

Regards

Markus

Re: VPN with certificates

I'm glad to know you have it working now :)

Please rate helpful posts.

Regards

Farrukh
