This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can we add additional signing CA for Cisco IOS IPSEC VPN?

Hi,

let´s say you have a utm site which was deployed in 2007 and still uses the same signing ca created back there. If you want to use Cisco IPSEC with IOS that will probably not work - you have to create a new signing ca. On the other hand - all previously created VPN tunnels will probably not work after that. So the question would be - is it possible to create another fresh signing ca or is still only one signing ca possible per utm? what will happen if you create a new signing ca? will all previously created vpn tunnels go offline or will the utm somehow convert the old signing ca and will verify it nevertheless?

Best,

Joerg

This thread was automatically locked due to age.

Parents

0 BAlfson over 9 years ago

Hi Joerg,

Are your IPsec site-to-site tunnels configured with X509 certificates?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 JoergRiether over 9 years ago in reply to BAlfson

Hi Bob,
sorry for the late answer, was out of office. Mostly site-to-site IPSec with IP as ID and preshared key as secret. But on the other hand many vpn remote users using sslvpn. So my guess is the site-to-site tunnels will probably continue to work but the openvpn profiles have to be re-enrolled. Correct from my point of view?
Best
Joerg
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 9 years ago in reply to JoergRiether

That's right, Joerg!

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 9 years ago in reply to JoergRiether

That's right, Joerg!

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data