Guys,
So I have done me some digging around and I just cant lay my fingers on a
definitive answer to me question above.
I understand that a CA RA has as its main function, to authenticate
certificate requests AND to make/forward that request to the CA server for
the certificate. It then returns that granted certificate back to the
client.
The new SCEP Proxy feature on the ASA, well, pretty much does the same
functionality! You configure the ASA firewall for SCEP Proxy and the
AnyConnect client tries to connect VPN to the ASA. The ASA authenticates
the client, and then if successful, requests a certificate from the CA on
bahalf of the client. The client then receives its certificate and
reconnects using that certificate back to the ASA for VPN.
Do both sound the same or what? Of course apart from the fact that SCEP
Proxy is specific to the ASA (for now?). I am hoping someone out here that
thinks yay or nay can sort me out here please!
Thanks as usual.
Sadiq
-- CCIEx2 (R&S|Sec) #19963 Blogs and organic groups at http://www.ccie.netReceived on Fri Mar 23 2012 - 17:55:54 ART
This archive was generated by hypermail 2.2.0 : Sun Apr 01 2012 - 07:56:52 ART