[c-nsp] ASA 5500 SSL VPN Auth
cool hand luke
coolhandluke at coolhandluke.org
Thu Dec 18 01:49:25 EST 2014
On 12/18/2014 12:29 AM, Kris Amy wrote:
> Been searching through the archives and haven't seen this setup, wondering
> if anyone has done this and has any pointers...
>
> I'm attempting to do SSL VPN termination on a pair of Cisco ASA 5500s (active
> failover). To do auto-login without storing the username/password on the
> client machine I plan on deploying a PKI environment which the ASAs will
> then use for authenticating the end-points. The endpoints are required to
> have static IPs as well.

you're not doing anything revolutionary here and, as it appears you
haven't actually attempted it yet and aren't asking anything specific,
it's impossible for anyone on the list to know what to tell you
without making a metric shit-ton of assumptions.

for all we know, you've been given the above as a directive, have never
touched an asa, and think a certificate is what your kids bring home
from school and hang on the fridge.

set it up in test, come back with specific questions if/when it doesn't
work how you want it to, get it working, move to production.

/chl