[c-nsp] VPN 3000 and Digital Certificates

Marco Matarazzo marmata at libero.it
Wed Jan 26 10:36:09 EST 2005


Hi all,

I've been asked to deploy a VPN system to allow our customers to connect to
their servers for maintenance.
Since we already have a backend infrastructure for backing up the servers, I
was thinking about adding a VPN Concentrator on the BE, make the customers
connect to the public IP of this one, set up appropriate filters so they can
connect only to their servers. From the documentation I've found, it seems
all possible. Now we want to hand each customer one or more digital
certificates to authenticate on the concentrator. Still unsure if we'll use
W2k3 CA or OpenCA, but there's one thing I don't understand from the
documentation. It says: "Model 3005 allows a maximum of 6 root or
subordinate CA certificates (including supporting RA certificates) and 2
identity certificates". Does that mean that I can hand out just two
certificates (-> two different users)? If not, is there some method to tell
the VPN Concentrator to take the certificate from a RADIUS or LDAP server,
to overcome that limit? Should I stick to username/password authentication?

Thanks!
]\/[arco


