[c-nsp] ASA Active/Standby failover and identity certificate replication
Drewes, Bjoern
bjoern at verfriemelt.com
Fri Jul 3 03:49:18 EDT 2015
Hi all,
I want to use a 5520 cluster "9.1.6" as VPN concentrator for branch
offices with 800 series routers. There will be a bunch of IPSec-RSA
tunnel profiles. Planned workflow is, for every profile, a separate "self
generated via openssl" CA and one certificate for the router and one for
the ASA. In my test with 10 profiles/routers this works great. XCA is a
nice tool to handle these CAs and export the P12 files.
At the time I simulated a failover, I realized that the tunnels won't
come up. It seems that the Identity Certificates and CAs are not
replicated. I can force this via "write standby", but is this really
needed? Might I have a configuration error?
Every hint is welcome!
Thank you in advance.
Björn