Can we add an additional signing CA for Cisco IOS IPsec VPN?

Hi,

Let's say you have a UTM site which was deployed in 2007 and still uses the same signing CA created back then. If you want to use Cisco IPsec with IOS, that will probably not work - you have to create a new signing CA. On the other hand, all previously created VPN tunnels will probably not work after that. So the question would be: is it possible to create another fresh signing CA, or is still only one signing CA possible per UTM? What will happen if you create a new signing CA? Will all previously created VPN tunnels go offline, or will the UTM somehow convert the old signing CA and verify it nevertheless?

Best,

Joerg



  • Hi Joerg,

    Are your IPsec site-to-site tunnels configured with X509 certificates?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,
    Sorry for the late answer, I was out of office. Mostly site-to-site IPsec with IP as ID and preshared key as secret. But on the other hand, many VPN remote users are using SSL VPN. So my guess is the site-to-site tunnels will probably continue to work, but the OpenVPN profiles have to be re-enrolled. Correct from my point of view?
    Best
    Joerg
  • That's right, Joerg!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA