Content created by Rene Molenaar (CCIE #41726)
Forum Replies

  1. Rene,
    Thanks for the presentation, great info as always…

    What would be the advantages of changing my current ASA VPN Pre-Shared Keys to Certificates?

    I am kind of new to certificates, so what would be the process for my customers who connect with PSK VPNs? Would they need to provide me a certificate from a trusted CA for my ASA, and I would provide them a certificate as well?

    If I have a couple hundred VPNs, can I provide the same certificate to every customer, or is that not a best practice?

    Thanks again for all the great tutorials.

  2. Hi Brian,

    Security-wise, the public/private keys of a certificate are typically longer than a pre-shared key.

    If you want to use certificates then both devices will have to trust the same root CA. You could use your own CA like I did with this example and sign two certificates. One for your firewall and one for the customer. Since both devices trust the CA, they will trust each other’s certificate.

    This is the main advantage of using certificates. For example, let’s say you have 100 customers that build a VPN to your main office’s firewall. If you want to add an

    ... Continue reading in our forum
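The trust relationship Rene describes above (one CA signs a certificate for the firewall and one for the customer, and each peer accepts the other because both trust that CA) can be exercised outside of any Cisco box. The following is an added example written for this page, not code or configuration from the lesson or from Rene: it builds a hypothetical in-memory root CA with Go's standard crypto/x509 package, issues end-entity certificates for the firewall and a customer, and runs the same chain-building check an IPsec peer performs on the certificate the other side presents during IKE authentication. The names "Main Office CA", "asa-firewall", "customer-1" and "Some Other CA" are placeholders. It also shows the failure case: a certificate with the right subject name but signed by a different CA is rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CA is a hypothetical in-memory certificate authority standing in for the
// private CA in the lesson. A real deployment keeps the CA key off the peers.
type CA struct {
	Cert   *x509.Certificate
	key    *ecdsa.PrivateKey
	serial int64
}

// NewCA creates a self-signed root. Any peer that trusts this root will
// trust every certificate the root signs.
func NewCA(name string) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, key: key, serial: 1}, nil
}

// Issue signs an end-entity certificate for one VPN peer (the firewall or a
// customer router). On real hardware the peer generates its own key pair and
// only the certificate request travels to the CA; the key is returned here
// only because this example generates it in-process.
func (c *CA) Issue(cn string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	c.serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(c.serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, c.Cert, &key.PublicKey, c.key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// Accepts models the check a peer makes on the certificate the other side
// presents: build a chain from that certificate to a root the local device
// trusts. A device configured with one trusted root rejects anything that
// does not chain to it, whatever name the certificate carries.
func Accepts(trustedRoot, presented *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := presented.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err == nil
}

func main() {
	office, _ := NewCA("Main Office CA") // placeholder names throughout
	fw, _, _ := office.Issue("asa-firewall")
	cust, _, _ := office.Issue("customer-1")
	fmt.Println("firewall accepts customer-1:", Accepts(office.Cert, cust))
	fmt.Println("customer-1 accepts firewall:", Accepts(office.Cert, fw))

	other, _ := NewCA("Some Other CA")
	rogue, _, _ := other.Issue("customer-1") // same name, signed by the wrong CA
	fmt.Println("firewall accepts customer-1 from other CA:", Accepts(office.Cert, rogue))
}
```

The point to take from this is that adding a new customer never changes the firewall's configuration: the firewall trusts the CA once, and every certificate the CA issues afterwards is accepted. The flip side is that the CA's signing key is what the whole deployment hinges on, which is why it should not live on any of the VPN peers.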

  3. Hi my friend.

    I am not sure if the CA must always be available to the peers, even when they authenticate each other. At the moment the CA is not available, will the VPN fail? What happens if I reload one of the peers? It was only available at the moment of enrolling and authenticating certificates. Could you explain, please?

  4. Hello Brian

    The use of a hostname is essentially there to make your life easier. According to Cisco: “Assigning a hostname identifies the host for subsequent enrollment commands, additional configuration, and provides flexibility in case the IP address of the CA server changes.”

    ... Continue reading in our forum
