Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Mapping Certificates to IPsec or SSL VPN Connection Profiles
Install Certificate
Use this dialog box to install a new CA certificate. You can get the certificate in one of the following
ways:
• Install from a file by browsing to the certificate file.
• Paste the previously acquired certificate text in PEM format into the box on this dialog box.
• Use SCEP—Specifies the use of the Simple Certificate Enrollment Protocol (SCEP). The SCEP Add-on for
Certificate Services runs on the Windows Server 2003 family. It provides support for the SCEP
protocol, which allows Cisco routers and other intermediate network devices to obtain certificates.
– SCEP URL: http://—Specifies the URL from which to download SCEP information.
– Retry Period—Specifies the number of minutes that must elapse between SCEP queries.
– Retry Count—Specifies the maximum number of retries allowed.
• More Options—Opens the Configure Options for CA Certificate dialog box.
Modes
The following table shows the modes in which this feature is available:
Configure Options for CA Certificate
Use this dialog box to specify details about retrieving CA Certificates for this IPsec remote access
connection. The dialog boxes on this dialog box are: Revocation Check, CRL Retrieval Policy, CRL
Retrieval Method, OCSP Rules, and Advanced.
Revocation Check Dialog Box
Use this dialog box to specify information about CA Certificate revocation checking.
Fields
• The radio buttons specify whether to check certificates for revocation. The values of these buttons
are as follows:
– Do not check certificates for revocation
– Check Certificates for revocation
• Revocation Methods area—Lets you specify the method (CRL or OCSP) to use for revocation
checking, and the order in which to use these methods. You can choose either or both methods.
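An added example, not part of the Cisco guide: a Python check that reads an exported ASA configuration and reports, per trustpoint, the revocation methods in the order they were chosen, flagging trustpoints that skip checking or accept a certificate when every method errors out. It assumes the CLI keywords `crypto ca trustpoint` and `revocation-check` (with `none` as the default when the line is absent) are the command-line counterparts of these ASDM fields; the sample configuration and all names in it are constructed.

```python
import re

# Constructed sample of an ASA running-config excerpt (names and host are placeholders).
SAMPLE_CONFIG = """\
crypto ca trustpoint VPN-CA
 enrollment url http://ca.example.test:80/certsrv/mscep/mscep.dll
 revocation-check crl ocsp
 crl configure
crypto ca trustpoint LEGACY-CA
 enrollment terminal
 crl configure
crypto ca trustpoint PARTNER-CA
 enrollment terminal
 revocation-check ocsp none
!
"""

def parse_trustpoints(config_text):
    """Return {trustpoint name: [revocation methods in configured order]}."""
    trustpoints = {}
    current = None
    for line in config_text.splitlines():
        header = re.match(r"crypto ca trustpoint (\S+)", line)
        if header:
            current = header.group(1)
            # Assumption: no revocation-check line means the default, "none".
            trustpoints[current] = ["none"]
        elif current and line.startswith(" "):
            m = re.match(r"\s+revocation-check\s+(.+)", line)
            if m:
                trustpoints[current] = m.group(1).split()
        else:
            current = None  # an unindented line ends the trustpoint sub-mode
    return trustpoints

def audit(config_text):
    """Flag trustpoints that do not check revocation or that fail open."""
    findings = {}
    for name, methods in parse_trustpoints(config_text).items():
        if methods == ["none"]:
            findings[name] = "no revocation checking"
        elif methods[-1] == "none":
            tried = "/".join(methods[:-1])
            findings[name] = f"accepts the certificate if {tried} returns an error"
    return findings

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {issue}")
```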
Firewall Mode            Security Context
Routed    Transparent    Single    Multiple Context    Multiple System
•         —              •         —                   —