
PIX / IPSEC / VPN3000 Client & Certificates - another catchy title!

Status
Not open for further replies.

maddog32

MIS
Apr 10, 2002
Hi,

I'm trying to configure a PIX 515, IOS v6.0(1), as the terminate point for an IPSEC tunnel from a VPN3000 Client using Certificates supplied by a Microsoft Certificate Authority Server for authentication.

Over the last few days I've been banging my head against walls and am now resorting to asking the community if you could provide me with an example configuration for the PIX, VPN3000 client and Certification Server.

Surely, someone out there is using this combination and will be able to provide me with example configs!!!!

Your help will be greatly appreciated and probably save me from any long-term mental problems resulting from not having to bang my head against any more walls!!!! ;-)

Cheers,
Maddog
 
I configured a Windows 2000 server as our internal CA. With a Microsoft-provided add-on that I installed, I was able to configure the VPN concentrator and the VPN clients to request certs via SCEP (Simple Certificate Enrollment Protocol). SCEP is a Cisco protocol to streamline the certification process. Basically, as long as the VPN Concentrator and/or VPN client have IP connectivity to the CA box, the installation of the certs is very easy.

So for remote users, you can punch a hole in a firewall that says something like: permit tcp any host (IP address of CA) eq http, and remote users would be able to request CA-signed digital certificates via SCEP.

This is the only practical way clients can scale remote VPN access.

The following articles were used in the configuration:
Microsoft SCEP Add-On

Configuring Microsoft Certificate Services

Configuring the Cisco VPN Concentrator to get a Digital Certificate with SCEP

Configuring the Cisco VPN Client to get a Digital Certificate

Configuring the Cisco VPN Concentrator to Communicate with the VPN Client using Certificates

Regards
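
For the PIX side that the original question asks about, here is an added example (not part of either post and not taken from the linked articles) of SCEP enrollment against a Microsoft CA with the PIX 6.x `ca` commands, followed by IKE set to authenticate with certificates. The hostname, domain, CA nickname `myca`, interface and ACL names, all addresses (documentation ranges) and the bracketed placeholders are assumptions; it covers enrollment and IKE authentication only, not the crypto map or VPN group settings.

```cisco
: Identity that goes into the certificate request. Set the clock first:
: certificate validity periods are checked against it.
hostname pixfirewall
domain-name example.com

: RSA key pair for the PIX
ca generate rsa key 1024

: CA reached over HTTP via the Microsoft SCEP add-on (assumed inside address)
ca identity myca 10.1.1.10:/certsrv/mscep/mscep.dll

: "ra" because the Microsoft add-on acts as a registration authority;
: retry every 1 minute, up to 20 times. Appending "crloptional" would accept
: peer certificates when the CRL cannot be fetched; leaving it off requires a CRL check.
ca configure myca ra 1 20

: Fetch the CA certificate. Supplying the fingerprint obtained out of band
: from the CA administrator makes the PIX reject any other CA certificate.
ca authenticate myca <ca-cert-fingerprint>

: Request the PIX's own certificate, then store keys and certificates in flash
ca enroll myca <challenge-password>
ca save all

: IKE: identify by hostname and authenticate with RSA signatures (certificates)
isakmp enable outside
isakmp identity hostname
isakmp policy 10 authentication rsa-sig

: The firewall hole described in the reply above, assuming this PIX fronts the CA:
: publish the CA on an outside address and allow HTTP to it for remote SCEP requests
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255 0 0
access-list acl_out permit tcp any host 192.0.2.10 eq 80
access-group acl_out in interface outside
```

`show ca certificate` and `show ca mypubkey rsa` confirm what was issued and which key it binds to.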
 