[c-nsp] ASA 5500 SSL VPN Auth

cool hand luke coolhandluke at coolhandluke.org
Thu Dec 18 01:49:25 EST 2014

On 12/18/2014 12:29 AM, Kris Amy wrote:
> Been searching through the archives and haven't seen this setup, wondering
> if anyone has done this and has any pointers...
> I'm attempting to do SSL VPN termination on a pair Cisco ASA 5500(active
> failover). To do auto-login without storing the username/password on the
> client machine I plan on deploying a PKI environment which the ASA's will
> then use for authenticating the end-points. The endpoints are required to
> have static IP's as well.

you're not doing anything revolutionary here and, as it appears you 
haven't actually attempted it yet and aren't asking anything specific, 
it's it's impossible for anyone on the list to know what to tell you 
without making a metric shit-ton of assumptions.

for all we know, you've been given the above as a directive, have never 
touched an asa, and think a certificate is what your kids bring home 
from school and hang on the fridge.

set it up in test, come back with specific questions if/when it doesn't 
work how you want it to, get it working, move to production.


More information about the cisco-nsp mailing list