ASA - SSL Remote Access VPN with AAA and Certificates


(Lance F) #1

Hello - I need to configure an ASA for remote access for five users. They need access to network shares. I am looking at setting up an SSL VPN as shown in the Cisco ASA AnyConnect Remote Access VPN write-up using self-signed certificates. I would like to use both AAA and certificates for security.

1)Should I set up the ASA as shown in the Cisco ASA Anyconnect Remote Access VPN write-up and then configure the certificate authority? Or set up the certificate authority first and then configure the ASA for SSL VPN?

2)Is the certificate that is discussed in the ‘Cisco ASA Anyconnect Self Signed Certificate’ write-up (the one I would install on the user’s PC in the Trusted Root Certification Authorities) different from the ASA certificate that is presented to the user in ‘Cisco ASA Anyconnect Local CA’?

Thank you


(Rene Molenaar) #2

Hi Lance,

I would first try to configure your ASA with username/password authentication, once that works, upgrade it to include certificates. If you put everything together at once and it doesn’t work, you’ll have a lot of pieces to troubleshoot.

Do you want to use user certificates to authenticate your users instead of just a username/password? The example of the self signed certificate is only the certificate that the ASA represents to the clients.

If you want user authentication with certificates, it is possible to do this with the built-in CA of the ASA but I prefer using a separate CA for this, for example, openssl:


(Rene Molenaar) split this topic #3

2 posts were merged into an existing topic: Cisco Terminal Server Configuration Example