We are doing a rollout for a new WAN network for a private company. We configured the VPN tunnels using certificates, and the certificates are issued by a Windows 2008 server using SCEP. The certificates are valid for a year; we tried to configure a new certificate template with a longer time, but the Win2008 server started to act strange. (Note that we had a lot of issues with the Windows 2008 CA server.)
We configured auto-enrollment with the command (auto-enroll 95), so our certificates should get refreshed within 95% of their lifetime. The problem is that you can't test it :-(
Does anybody have any experience with this? Is there a way to test it?
I already tried manipulating the time, but this doesn't work. The router runs a small timer which says how long the certificate is valid.
Any input is welcome. If needed, I can send a part of the config by email.