Cisco Support Community
New Member

Wildcard Cert for ASAs in failover providing SSL VPN

I have a pair of ASAs in failover configuration providing VPN load-balancing. I'd like to use a cert for the inbound requests and would like to know if I can use a wildcard cert for all devices or do I need to get individual certs per device and one for the load-balancing IP.

6 REPLIES

Re: Wildcard Cert for ASAs in failover providing SSL VPN

If you have a load balance setup, which is not the same as failover, you will need 3 certs: 1 for the load-balance IP address of FQDN, which will be contained on both ASA devices, and one certificate per box. Pretty much, your formula will be #Certs = N+1, where N is the total number of ASAs that you have.

New Member

Re: Wildcard Cert for ASAs in failover providing SSL VPN

Thanks. So basically vpn.domain.com and then vpn1.domain.com and vpn2.domain.com.

-Jake

New Member

Re: Wildcard Cert for ASAs in failover providing SSL VPN

This is a test.

New Member

Re: Wildcard Cert for ASAs in failover providing SSL VPN

This is another test.

New Member

Re: Wildcard Cert for ASAs in failover providing SSL VPN

Three for good luck.

Cisco Employee

Re: Wildcard Cert for ASAs in failover providing SSL VPN

You have 3 options:

1) 3 certificates (1 for vpn1, vpn2, and vpn)

2) a wild card certificate

3) a UCC certificate with 3 SANs (vpn, vpn1, vpn2)
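The three options above, checked for name coverage, as an added example that is not part of the original thread. It assumes, following the first reply, that each member must present a certificate valid for both the cluster name and its own name; the hostnames are the ones from the thread, and the matching rule is a simplified leftmost-label wildcard check.

```python
"""Added example: which names each certificate layout from the thread covers."""

def name_matches(pattern, host):
    """Match a certificate DNS name against a hostname.

    '*' is honoured only as the whole leftmost label and stands for exactly
    one label; partial wildcards (vpn*.domain.com) are rejected here.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so '*.com' never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def missing_names(installed_certs, required_names):
    """Return the required names that no installed certificate covers.

    installed_certs: list of certificates, each a list of its DNS names.
    """
    all_names = [n for cert in installed_certs for n in cert]
    return [r for r in required_names
            if not any(name_matches(n, r) for n in all_names)]

CLUSTER = "vpn.domain.com"                      # load-balancing name
MEMBERS = ["vpn1.domain.com", "vpn2.domain.com"]  # one name per ASA

def layouts_for(member):
    """Certificates installed on one member under each option in the thread."""
    return {
        "separate certs": [[CLUSTER], [member]],
        "wildcard": [["*.domain.com"]],
        "UCC with 3 SANs": [[CLUSTER] + MEMBERS],
    }

if __name__ == "__main__":
    for member in MEMBERS:
        required = [CLUSTER, member]
        for option, certs in layouts_for(member).items():
            print(member, option, "missing:", missing_names(certs, required))
    # A member holding only its own certificate cannot answer for the cluster name.
    print(missing_names([["vpn1.domain.com"]], [CLUSTER, "vpn1.domain.com"]))
    # The wildcard stops at one label and does not cover the bare domain.
    print(missing_names([["*.domain.com"]], ["domain.com", "a.vpn.domain.com"]))
```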
